At Blue Ridge, the privacy of our Data Subjects and their Personal Data is of utmost importance to us. And in line with our resolution, we have developed this Privacy Policy to explain your privacy rights, particularly regarding how we collect, process, retain, share and protect your Personal Data when you visit our website, premises or use our digital platforms (collectively, "the Platform" or "Services").
This Privacy Policy between Blue Ridge Microfinance Bank Limited ("Blue Ridge") and you constitutes our commitment to your continued privacy on all our platforms. It is designed to provide information regarding our privacy practices and help you understand how we handle your data, in full compliance with the provisions of the Nigeria Data Protection Act 2023 and other applicable data protection regulations.
1. Consent When you access our platforms and give your consent upon such access, you accept this privacy policy; in particular, as you use the services offered on our website and digital platform or visit any of our offices and submit your data for official or non-official purposes.
2. What Personal Data do we collect?
We collect Personal Data about you when you use the services offered
on our website and digital platform, including the following:
1. Sign-up information: When you
register to use the services offered on our digital platform, we
will collect Personal Data as necessary to offer and fulfil the
service you request. Depending on the service you choose, in line
with regulatory requirements for Know Your Customer (KYC)
purposes, we may require that you provide us with your name,
gender, birthday, facial photo, residential address, ID
information (photo, number), utility bill, email address, mobile
number, social media handles and debit/credit card details to
create an account. We will also require your NIN and/or your BVN
in line with regulation and in furtherance of our KYC computation
processes.
2. We may also require you to provide additional, necessary
personal details as you use our services.
3. Transaction information: When you
use our digital platform to access loans, send and receive money,
make purchases from merchants, pay bills, deposit & withdraw cash,
we collect information about the transaction, as well as other
associated information as necessary to offer and fulfil the
servicethat we are obliged to; such as the loan amount, repayment
date, interest and loan product, the amount sent or received the
amount paid for products or services, merchant information –
including information about your device and geolocation. We may
cross-check your identity with third parties including the person
you have provided as your relationship contact. The Contact
Information you provide will only be used to verify your identity
and to reach you in the case of emergency, and will NOT be used
for loan repayment/collection purposes. Your loan information
won’t be shared with the contacts. We will also collect data from
your device for our credit-scoring system. This includes
information relating to your device, such as device make and
model, operating system, and installed software applications. To
supplement this information, we may also collect data from third
parties such as credit bureaus and other financial institutions.
By registering for the Services, you authorize the collection and
processing of the foregoing data.
4. Participant Personal Data: When you
use our services, we may collect Personal Data about the other
participants associated with the transaction, including your phone
contacts with your consent, so you can easily transact with your
friends and contacts and enable instant messaging (IM). We collect
Personal Data such as name and financial account information about
the participant who is receiving money from (or sending money to)
you when you send or receive money through the Services.
5. Image Information: We may collect
your image (upload, storage, and use) information to support
account opening, such as uploading your portrait. We may also
collect information from your images when you use our customer
support to upload evidence such as statements and checks. In
addition, we may collect your image information in connection with
regulatory KYC purposes.
6. Information from other sources: We
may collect information from other sources, such as our social
media platforms when you reach out to us to lodge a complaint
about our services. However, we will only ask for information
relevant to the help required of us to you.
7. Other information we collect related to your use of our
website or Services:
We may collect additional information from or about you when you
communicate with us, contact our customer support teams, respond
to a survey or use functionality offered by third-party service
providers through our Platform. For instance, when you initiate
third-party applications through Blue Ridge’s mobile application,
with your prior consent, your SMS may be collected and monitored
to help third-party service providers reduce risks associated with
your application through the relevant model/system to provide
customized services.
8. When you apply for a job with us: We
may request Personal Data about your education, employment and
state of health. As part of your application, you will be asked to
provide your express consent to our use of this information to
assess your application and any monitoring activities which may be
required of us under applicable laws as an employer. We may also
carry out screening checks (including reference, background and
criminal record checks). We may exchange your Personal Data with
academic institutions, recruiters, health maintenance
organisations, law enforcement agencies, referees and your
previous employers. Without your Personal Data, we may not be able
to process your application for positions with us.
9. We do not collect the information of minors:
If you are under the age of 18, you are not eligible to use the
service offered on our digital platform.
3. How Do We Retain Personal Data? We retain Personal Data in an identifiable format only for as long as required for our business purposes, with specific reference to the service rendered to you, and to fulfil our legal or regulatory obligations. Subject to applicable law, which might, from time to time, oblige us to retain your Personal Data for a certain period of time, we will retain your Personal Data for as long as necessary to fulfil the purposes we collect it for, including the purposes of satisfying any legal, accounting, or reporting obligations.
4. How Do We Process Personal Data?
We collect your personal data to provide you an efficient and secure
customer experience. We may process your Personal Data for the
following reasons:
1.Provide services, including to:
·Initiate a payment, send or
request money, or pay a bill;
·Authenticate your access to an
account;
·Communicate with you about your
account;
2.Manage risk, fraud and abuse of our services and prevent you
from fraud (by developing and adopting measures of verifying your
identity). Our risk and fraud tools use personal data, device
information and geolocation from our Platform that offers services
to help detect and prevent fraud and abuse of the services.
3.Comply with our legal and regulatory obligations and to enforce
the terms of our sites and services, including to comply with all
applicable laws and regulations.
4.Trail information breaches and remediate such identified
breaches.
5.Resolve disputes and troubleshoot problems.
6.With your prior consent:
·Market Blue Ridge’s products and
services to you.
·Use cookies to provide a targeted
display, feature, service or offer to you.
·To provide you with
location-specific functionality like searching nearby agents if
you authorize us to access your Geolocation information through
the Services.
We will not send unsolicited marketing communications to you by SMS
or email if you have not opted in to receive them. Additionally, you
may withdraw your consent at any time and free of charge.
5. Sharing your Personal Data We may share your Personal Data or other information about you with others for the following reasons: ·With other sister companies/affiliates: We may share your Personal Data with other entities/affiliates/sister companies as necessary to enable the technical service you request, to manage risk through risk model system, to prevent potentially illegal and fraudulent acts and violations of our policies and agreements, and to help us manage the connectivity of our services. ·With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support. Rest assured that we make double sure that these companies have compliant, legal measures in place to ensure the security and confidentiality of your Personal Data. ·With unaffiliated third-party service providers that offer functionality through our Platform, with your prior consent, to help complete the service you request. ·With other financial institutions: We may share Personal Data with other financial institutions that we have partnered with to offer Blue Ridge-related services, unless your consent extends to other uses. We may also share Personal Data to process transactions and keep your financial information up to date. ·With the other parties to transactions when you use the services, such as other users and their service providers. This includes other users you are sending or receiving funds from and their service providers. The information might include: ·Personal Data and account information necessary to facilitate the transaction; and ·Personal Data to help other participant(s) resolve disputes and detect and prevent fraud. ·Where permitted or required by law. We may share information about you with other parties for Blue Ridge's business purposes or as permitted or required by law, including: ·If we need to do so to comply with a court proceeding, other legal process or an applicable regulation; ·To law enforcement authorities or other government officials, or other third parties pursuant to a court order or other legal process or requirement applicable to Blue Ridge or an affiliated entity; ·Where we reasonably believe that the disclosure is necessary or appropriate to prevent imminent physical harm or financial loss or in connection with an investigation of suspected (or actual) illegal activity; ·With credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes – all in accordance to applicable data privacy regulations and laws; ·To investigate violations of or enforce a user agreement or other legal terms applicable to any service; ·To protect our property, services and legal rights; ·As reasonably and legally permitted, to facilitate a purchase or sale of all or part of Blue Ridge's business, or in the instance of some merger and acquisition; ·To support our audit, compliance, and corporate governance functions. ·With your consent: We also will share your Personal Data and other information with your consent or direction.
6. How We Use Cookies Cookies are small files placed on your device’s browser that enable the website to identify your device as you view different pages. Like most interactive websites, our website uses cookies to enable us track of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from your device. They will typically store data in the form of a session identification that does not personally identify you. Certain aspects of our website are only available through the use of cookies, so your use of our website may be limited or not possible if you choose to disable or decline cookies. If you choose to decline the cookies, you may simply exit our website.
7. What Are Your Rights?
1.Requests to Access, Rectify or Erase.
a.Access Request
As permitted under law and applicable data privacy
regulations, you have the right to ask us whether we hold any
Personal Data relating to you and, if we do, to be provided
with a copy of that Personal Data in electronic form, unless
you want to receive it in any other way (for example, a paper
copy). In addition, you can ask us for information on how we
use your Personal Data, who we share it with, how long we keep
it, where it is stored, and other information to help you
understand how we use it.
b.Rectification Request
You have the right to ask us to correct your Personal Data
(including by means of providing a supplementary statement) if
it is inaccurate, or update outdated or incomplete Personal
Data without undue delay. Where we cannot correct the Personal
Data, we include a note on our files regarding your request to
correct your Personal Data.
c.Erasure Request
You have the right to ask us to erase your Personal Data if:
i.Your Personal Data are no longer necessary for the
purpose(s) they were collected for.
ii.Your Personal Data have been unlawfully processed.
iii.Your Personal Data must be erased to comply with a
regulation.
iv.You withdraw your consent for the processing of the
Personal Data (and if this is the only basis on which we are
processing your Personal Data).
v.You object to the possession, provided there are no
overriding legitimate grounds for continued processing, or
vi.You object to processing for direct marketing purposes.
If we receive your erasure request, we will also take reasonable
steps to inform other data controllers processing the data so they
can seek to erase links to or copies of your Personal Data. We may
refuse to act on your request to erase your Personal Data if the
processing of your Personal Data is necessary:
d.To exercise our right of freedom of expression and
information.
e.To comply with the relevant Nigerian laws and regulations.
f.For the performance of a task carried out in the public
interest or to exercise some official authority vested in us.
g.To establish, exercise or defend legal claims.
h.to comply with pertinent legal and regulatory directives.
In these cases, we can restrict the processing instead of erasing
your Personal Data if requested to do so by you.
2.Requests to Object: You have the right
to object at any time to the processing of your Personal Data if
we process it based on our legitimate interests. This includes any
so-called “profiling”. Our privacy notice informs you when we rely
on legitimate interests to process your Personal Data. In these
cases, we will stop processing your Personal Data unless we can
demonstrate compelling legitimate reasons for continuing the
processing. We may reject your request if the processing of your
Personal Data is needed to establish, exercise or defend legal
claims. You have the right to object at any time if we process
your Personal Data for direct marketing purposes. You may also
object at any time to profiling supporting our direct marketing.
In such cases, we will stop processing your Personal Data when we
receive your objection.
3.Requests to Restrict: You have the
right to ask us to restrict the processing of your Personal Data
if:
a.You contest the accuracy of your Personal Data and we are in
the process of verifying the Personal Data we hold.
b.The processing is unlawful and you do not want us to erase
your Personal Data.
c.We no longer need your Personal Data for the original
purpose(s) of processing, but you need them to establish,
exercise or defend legal claims and you do not want us to delete
the Personal Data as a result, or
d.You have objected to processing carried out because of our
legitimate interests while we verify if our legitimate grounds
override yours.
If processing is restricted, we may process your Personal Data
(excepting for storage purposes), only:
e.If you have given us your consent.
f.For establishing, exercising or defending legal claims.
g.For protecting the rights of another natural or legal person,
or
h.For reasons of important public interest as defined under the
NDPA and relevant Nigerian laws.
i.to comply with pertinent legal and regulatory directives.
Once processing is restricted following your request, we will
inform you before we lift the restriction.
4.Requests for Portability: If our
processing is performed by computer and is necessary to fulfil a
contract with you, or is based on your consent, you have the right
to:
a.Receive any Personal Data you have provided to us in a
structured, commonly used and machine-readable electronic
format.
b.Send your Personal Data to another organization or have us do
so for you if it is technically feasible for us to do so.
If your request relates to a set of Personal Data that also
concerns other individuals, we may restrict the transfer to only
the portion relevant to you, unless you establish that you have
also gotten their consent.
5.Requests to Object to Automated Decisions:
Generally, you have the right to object to any legal decision
concerning you or which otherwise significantly affects you if
this is based solely on the automated processing of your Personal
Data. This includes automated decisions based on profiling. In
such instance, you may undertake a legal process to prevent or
advance your rights.
Otherwise, we may refuse your request regarding such automated
decisions where:
a.Necessary to enter into a contract with you, or for the
performance of your contract with us.
b.Permitted by regulations, or
c.Based on your explicit consent.
Our actions on the automated processing involving your sensitive
Personal Data (where you have given your explicit consent or the
processing is necessary for reasons of substantial public
interest), are in complete compliance with the NDPA and relevant
laws.
8. How Do We Protect Your Personal Data?
Security
We maintain technical, physical, and administrative security
measures designed to provide reasonable protection for your Personal
Data against loss, misuse, unauthorized access, disclosure, and
alteration. The security measures include firewalls, data
encryption, physical access controls to our premises, CCTV cameras
for public safety and quality control, as well as information access
authorization controls.
Confidentiality
Your Personal Data is regarded as confidential and will not be
divulged to any third party, except under legal and/or regulatory
conditions. You have the right to request sight of, and copies of
any and all information we keep on you, if such requests are made in
compliance with the Freedom of Information Act and other relevant
enactments.
While we are dedicated to securing our systems and services and
safeguarding the information entrusted to us, your role in
fulfilling confidentiality duties includes, but is not limited to,
adopting and enforcing appropriate security measures such as
securing and maintaining the privacy of your password(s) and
account/profile registration information, adherence with physical
security protocols on our premises, verifying that the Personal Data
we maintain of you is accurate and current.
We will inform you of any breaches which may affect your Personal
Data.
9. Remedies for Violation and Time-frame for Remedy In the event of violation of this policy, our Data Protection Officer shall within 7 days redress the violation. Where the violation pertains to the disclosure of your Personal Data without your consent, such information shall be retracted immediately, and confirmation of the retraction sent to the you within 48 hours of the redress.
10. Governing Law This Privacy Policy is made according to the Nigeria Data Protection Act (2023) or any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.
11. Changes to our Privacy Policy This privacy policy is reviewed periodically and when there is any substantial change to business or regulatory requirements. The revised Privacy Policy will be effective as of the published updated date. At the minimum, we shall review this annually and communicate via our communication channels such as Website, Social Media Accounts etc. If the revised version includes a substantial change, we may notify you of the change using emails or other means.
12. How Does Your Personal Data Move Globally? Our operations are supported by a network of computers, cloud-based services and other infrastructure and information technology. Your Personal Data will be stored in Nigeria where we are providing Services to you, except where you provide your consent for your Personal Data to be processed outside Nigeria to enable us process your transactions. Data are stored with appropriate encryption menthod and security standards. We will protect your information as prescribed in the Privacy Policy if your Personal Data is transferred out of Nigeria. By using our Platform and Services, you consent to your Personal Data being transferred out of Nigeria, to a jurisdiction which has adequate data protection laws as prescribed in the NDPA.
13.Contact Us
If you have any general questions or concerns about this Privacy
Policy or the way in which we handle your Personal Data, kindly
contact us via the details below:
BLUE RIDGE MICROFINANCE BANK LIMITED
77, Opebi road, Ikeja, Lagos, Nigeria.
Email: okash@blueridgemfb.com
We use cookies to personalise content and ads, to provide social media features and to analvse our traffic. We also share information about vour use of our site with our social media, advertising and analytics partners who may combine it with other information that you've provided to them or that they've collected from your use of their services. Check Privacy Policy.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.