Riby Privacy Notice

1. General

FINANCE LIFE TECHNOLOGIES LIMITED (“RIBY”) is a limited liability company incorporated under Part A of the Companies and Allied Matters Act, Cap C20, the Laws of the Federal Republic of Nigeria, with RC No. 1214343 and having its corporate office at Block G, House 4, Moore Road, Yaba, Lagos, Nigeria. RIBY is committed to safeguarding the privacy of our employees, clients, partners and visitors of our web sites and users of our products and services.

When this policy mentions “we,” “us,” or “our,” it refers to RIBY, which is the controller of your information and data. This privacy policy explains how we collect, store, use, manage, share, and delete your information when you use any of our products, services and our websites, including our Riby Cooperative Banking (RCB).

When using any of our products, services and websites, you consent to the collection, transfer, processing, storage, disclosure, and use of your information in Nigeria and any other country we operate as described in this privacy policy. This includes any information you choose to provide that is deemed sensitive under applicable laws.

This privacy policy is applicable to all users of our websites, apps, products, services, features and others, either as an individual or as a group.

2. What information do we collect?

  1. 2.1. In connection with the service we provide and the products we offer, we collect personal and financial information from you while you use our products, services and websites. Most of this collection occurs during registration (on-boarding) – for individuals or cooperatives under our different products and services – and while using our services, products and websites.

  2. 2.2. These personal and financial information are necessary when on-boarding or accessing our products and services on our websites, in order to:

    1. 2.2.1. Enable registered users to log in to the site,

    2. 2.2.2. Determine borrowers' eligibility for loans,

    3. 2.2.3. Verify borrowers' and investors' identities,

    4. 2.2.4. Establish borrowers' and investors' ability to make and request loans by verifying that they are at least 18 years of age,

    5. 2.2.5. Grant loans to individuals and cooperatives, and

    6. 2.2.6. Guard against potential fraud and money laundering.

  3. 2.3. These personal and financial information include:

    1. 2.3.1. Your first, middle and last names

    2. 2.3.2. Your contact details (such as mobile/telephone numbers, e-mail addresses)

    3. 2.3.3. Your date of birth

    4. 2.3.4. Your gender

    5. 2.3.5. Next of Kin details

    6. 2.3.6. Your home address and telephone number (borrower/lender registration)

    7. 2.3.7. Your Bank Account information (including, but not limited to, Bank Verification Number (BVN), Account name and number, Credit history etc.)

    8. 2.3.8. Additional personal information may be gotten from third party applications and other identification/verification services. For example, from your financial institution or a Credit Bureau. In addition, third parties may request additional information from Riby on your behalf or otherwise, and we may be obliged to provide this information where this is within the confines of your consent to us or without your consent where it is required by law or law enforcement agents in the prevention, investigation or prosecution of a crime.

  4. 2.4. You are not required to provide any personal information on the public areas of the web site. However, you may choose to do so by completing forms on various sections of our website, including:

    1. 2.4.1. Careers

    2. 2.4.2. Contact

    3. 2.4.3. Subscription to our newsletters

    4. 2.4.4. Request for loan quotations

    5. 2.4.5. And registering as a cooperative or as an individual.

3. Consent

  1. 3.1 Riby collects, uses, transfers, processes and stores the information we collect from you with your consent.

  2. 3.2 By, including but not limited to, performing the actions listed in 2.4 above and using any of our products and services, you give us the consent to collect, use, transfer, process and store your information.

  3. 3.3 However, that consent can be withdrawn with a written or electronic notice to us.

  4. 3.4 Take note, however, that withdrawal of consent will prevent access to or usage of our services, products and websites where such information is required and withdrawal shall not affect the lawfulness of processing carried out by us based on consent before its withdrawal.

4. Basis for collecting and using your information

Apart from consent, the bases upon which we collect and use your information include performance of contract, legal obligation, vital interest of the public, your vital interest and our legitimate interest or that of a third party, if your rights and interests do not outweigh such legitimate interests.

5. What do we do with your information?

Personal data submitted on the website or through the use of our products and services will be used for the purposes specified in the relevant part of the website and for other purposes for which you give your consent. These purposes also include but not limited to the provisions of Clause 2.2 above.

In each case, the purpose for which you are invited to submit your information is clear. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside RIBY, except as mentioned elsewhere in this policy or to service providers and partners acting on our behalf in relation to the purpose for which you have given your consent, or in other very limited circumstances, for example, where we are legally obliged to do so.

6. How do we store your information?

The personal information we collect from you through Riby Enumerator are stored within the Riby Ecosystem and they are processed at our office in Nigeria and any other data processing platforms used by our identifiable third parties.

7. What Security measure do we take in protecting your information?

RIBY is PCIDSS licensed. We take reasonable measures to protect your information from physical and cyber risks, by using globally trusted information security management systems.

We have also developed a robust information management policy and practice to safeguard against loss, theft, damage, as well as cyber risks to your information. However, we cannot guarantee the security of your information when you visit our web site. You shall bear the risks for your information when you transmit it on our web site. In addition to our reasonable measures, we advise that you;

  1. a. Do not divulge your personal details to other parties, unless where this is absolutely necessary;

  2. b. Protect your personal computers/mobile gadgets against malware and malicious activities;

  3. c. Use strong passwords which are not easily deducible from your personal details;

  4. d. Log out of our systems after every session;

  5. e. Notify us promptly as soon as you notice any irregular transaction on your accounts;

  6. f. And take other reasonable measures to protect your details and gadgets from third parties.

8. What are your Rights?

  1. a. Rights of Access to Information

    RIBY, by virtue of its European transactions and partnerships, is obliged to follow the European General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR). Thus, you have the right to obtain from us, confirmation as to whether or not personal data concerning you is being processed, where and for what purpose. Further, we shall provide a copy of the personal data, free of charge, in an electronic format when you make such request.

  2. b. Rights to be forgotten

    Part of the expanded rights of data subjects outlined by the GDPR is the Right to be Forgotten, also known as Data Erasure. The right to be forgotten entitles you to have us erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

    The conditions for erasure, as outlined in article 17 of the GDPR, include the data no longer being relevant to original purposes for processing, or you are withdrawing consent. However, you should also note that this right requires us to compare your rights to "the public interest in the availability of the data" when considering such requests.

  3. c. Rights to update information

    We have a legal obligation to ensure that your information is kept accurate and up to date. Please assist us to comply with this obligation by ensuring that you inform us of any changes to your information. You also have the right to rectify any inaccurate information about you.

  4. d. Right of portability

    You have the right to request that we transfer any information or data we hold about you to another company or organisation.

  5. e. Right to restrict processing

    You have the right to request that we limit the way we use and process your personal data.

  6. f. Right to Object

    You have the right to challenge ways in which we use and process your data if you no longer want us to use and process your data in such ways

    However, take note that an exercise of the rights in (b), (e) and (f) above may prevent us from fulfilling our obligations under the contract with you if the basis of our processing your data is performance of contract. Exercise of such rights will also prevent you from having access to our products and services.

    When you wish to exercise any of the rights above,kindly drop a call on our lines or visit our office directly to ensure that we can authenticate your requests. Otherwise, you can login to your account to update any changes or submit a written request.

9. Breach Notification

Under the GDPR, breach notification is mandatory, where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. In lieu of this, we will take reasonable measures to inform you within 72 (Seventy-Two) hours of first having become aware of any breach to our systems, which may result in a risk to the information we hold about you.

Disclaimer: Please be advised that requests made under the rights to Access information, Erasure and Breach Notification are weighed in accordance with place of residence. Clients and Partners ordinarily resident in European Union countries have automatic entitlement to enforce these rights, and clients and Partners in other jurisdictions are entitled to these rights on the basis of Riby’s discretion.

10. How long do we keep your information?

We keep your information for our records for at least six years, as prescribed by the law, notwithstanding that your account is active or no longer active. This is subject to your right to have us erase all your information and our obligation to keep your records for legal purposes, for example where it is subject to a fraud or money laundering investigation.

11. Anti-money laundering policies and procedures

Our Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) policies are tailored to the recommendations of the Central Bank of Nigeria. We conduct client due diligence enquiries on each new client and persons connected with them and conduct ongoing monitoring of existing clients. These enquiries are based on the Money Laundering (Prohibition) Act, 2011 (as amended) “MLPA”, and the Terrorism Prevention Act 2011 (as amended) “TPA”, although if additional information is required by CBN guidelines on same, that information will also be obtained.

Where necessary for these purposes, we seek relevant information from third party data suppliers. Where individuals have supplied personal data for this purpose, we will only use it for that purpose and will keep it only as long as the relevant AML and CFT data protection legislations require.

We also have internal procedures to ensure that any suspicion of money laundering and terrorism are reported to the appropriate authorities where there is an obligation to do so. Our legal team and other relevant staffs are provided with training on these issues.

12. Cookies

Cookies are small text files that are placed on your computer by websites you visit. Cookies help make our websites work and provide information to us about how users interact with our site. We use this information for the improvement of user experience on our website.

The cookies we use help to provide us with anonymised, aggregated technical information. This is principally so that we can make sure that the website is easy to navigate, identify the areas that are of particular interest to visitors and generally improve the site and our services. The information that we collect in this process will not identify you as an individual. We do not seek to identify individual visitors unless they volunteer their contact details through one of the forms on the website. In some circumstances, our records will identify organisations visiting our site and we may use that information in managing our relationship with those organisations, for example, in considering how to develop the services that we offer them.

By using our website, you agree that we can place these types of cookies on your device. When you access this website, our cookies are sent to your web browser and stored on your computer. If you wish to remove them, you can manage this via the settings on your browser, but note that this may impact your ability to utilise this and other websites. The way to clear cookies varies from one browser to another. You should look in the "help" menu of your web browser for full instructions.

13. How do we respond to legal requests or disputes which results from potential mishandling of information?

We are hopeful that you will not have a cause to be displeased about how we manage your data. However, in the unlikely event that you have a concern over how your information is being managed, processed or where it is missing, you should;

Your Rights

  1. • Submit a detailed complaint in writing (whether by electronic or written means) to us

  2. • Wait for a response within 10 working days of receiving the complaint.

Our responsibilities

  1. • Receive complaints, investigate, determine the outcome and communicate to you within 10 working days

  2. • If unable to resolve, refer the matter to the appropriate authorities to resolve the issues at little or no cost to you.

14. Third Parties

The following are the third parties we employ in offering our products and services to you:

  1. a. Hosting: Riby infrastructure

  2. b. Communications: Zoom and Slack

  3. c. Email services: Mail chip

  4. d. Payment: Paystack, Interswitch and Flutterwave

15. How will we notify you of changes to this notice?

We may change this policy from time to time by updating this page. We do not undertake to send a written notification of changes to this policy. You should check this page from time to time to ensure that you are kept abreast of any changes.

This Privacy Notice was last updated on 12 August 2020.