INTRODUCTION

QoreID Limited (“QoreID”, “we”, “us”, “our” “Company”), recognizes your privacy rights as guaranteed under the 1999 Constitution of the Federal Republic of Nigeria; the Nigerian Data Protection Regulation 2019 (NDPR) issued by the National Data Technology Development Agency (NITDA), and the privacy provisions in other relevant laws applicable to our business in Nigeria. Thus, it is important to us as a law-abiding organisation that your Personal Data is managed, processed and protected in accordance with the provisions of the applicable laws. During our business and/or your engagement with us and third parties through our Platforms (including our websites, Application Programming Interface (API), digital platforms, mobile applications, physical operations/offices, amongst others), we may process your Personal Data, subject however to the terms of this Policy. This Privacy Policy (“Policy”) therefore explains our privacy practices with respect to how we process your Personal Data and describes your rights as a user of any of our services and Platforms.

This Policy applies to all our Platforms, and all related sites, applications, services and tools regardless of how they are accessed or used.

DEFINITIONS

For the purpose of this Policy:

Personal Data means any information relating to you, including your name, identification number, location data, online identifier address, photo, email address, pins, passwords, bank details, financial information, posts on our Platforms, religion, date of birth, health, race/tribe, nationality, ethnicity, political views, trades union membership, criminal records, medical information, and other unique identifiers such as but not limited to MAC address, IP address, International Mobile Equipment Identity (IMEI) number, International Mobile Subscriber Identity (IMSI) number, Subscriber Identification Module (SIM), National Identification Number (NIN), Bank Verification Number (BVN) and others. It also includes factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

Process/Processing means any operation or set of operations which is performed on your Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

CONSENT

We kindly request that you carefully read through this Policy before using our Platforms. Please note that if you proceed to use any of our Platforms and services, it will deemed that you have provided your express consent to the terms of this Policy.

AGE

You must be at least 18 years old to use our services or any of our Platforms. Individuals under the age of 18, or applicable age of maturity, may utilize our Platforms services only with involvement of a parent or legal guardian, under such person’s account. Regardless, all Personal Data which we may process shall be in accordance with this Policy and other applicable laws.

COLLECTION OF DATA

In the course of your engagement with us or with third parties through our Platforms, we may collect your personal Data in the following ways:

1. Automatic Data collection: We may automatically collect Personal Data upon your engagement with us or our Platforms through your computer, mobile phones, forms, documents made available to us, other access devices like a webservice call. We also collect anonymous information through our use of cookies and web beacons to customize your experience on our Platform and to improve account security. You may decline our use of cookies, unless same is mandatory for the use of our Platform. Please note however that refusal to permit the use of necessary cookies may affect your use of our Platform
2. Data from downloads: When you download or use our digital Platforms, or access any of our Platforms, we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as advertisements, search results, and other personalized content. You may disable your location in the settings menu of the device.
3. Physically or Digitally Provided Data: We may collect and process your information when you create and/or update your account on our Platform, complete forms, questionnaires, surveys etc. We may also collect Personal Data from the data you provide to us through API, documents, letters, e-mail, agreements, correspondence, Identity cards, certificates, passports, or through any other means by which you wilfully provide information to us.
4. Third Parties: We may also receive your information from third parties such as relatives, guardians, financial institutions, vendors, and service providers, government agencies etc.
5. Social Media: We also receive Personal Data through your engagements with us on social media sites (e.g., Facebook, Instagram, LinkedIn, Twitter, and WhatsApp). This includes but are not limited to your replies to our posts, your comments, enquiries, messages to us, etc.

USING YOUR PERSONAL DATA

In the course of your engagements with us or through our Platforms, we collect personal information for various legal reasons, largely to enable us to personalize your experience and to provide a more efficient service to you. Some of the reasons we collect Personal Data are to:

1. provide services and customer support;
2. create an account with us for the provision or use of our services;
3. process transactions, payment requests, and send notices about transactions;
4. verify customers’ identity, including during account creation and password reset processes;
5. manage your account and provide you with efficient customer service;
6. resolve disputes, process payments and troubleshoot problems;
7. manage risks, or to detect, prevent, and/or remediate fraud, violation of policies and applicable user agreements or other potentially prohibited or illegal activities;
8. execute our contractual obligations to you;
9. improve our services and functionality by customizing user experience;
10. measure the performance of our services and improve their content and layout;
11. manage and protect our information technology infrastructure;
12. provide targeted marketing and advertising, provide service or transaction update notices, and deliver promotional offers based on communication preferences;
13. obtain a means by which we may contact you; either by telephone, text (SMS), email messaging, social media, etc;
14. conduct background checks, compare information for accuracy and verify same with third parties;
15. identify or address a violation and administer our policies and Terms of Use;
16. comply with legal, contractual, and regulatory obligations;
17. execute your specific requests or use same for a specific purpose as you may instruct;
18. investigate and respond to your complaints or enquiries;
19. process your access to our services, Platforms, or functions from time to time.

If we intend to use any personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time at which the personal information is required and obtain your consent.

STORAGE AND PROTECTION OF YOUR DATA

We protect your Personal Data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of our safeguards include ensuring that sensitive Personal Data are encrypted and stored, with only authorised users having access to this information. Access to our various Platforms is restricted to authorized users only. Your Personal Data is also stored on our secure servers as well as secure physical locations and cloud infrastructure. Personal Data is also stored in data centres which are collocated out of our office environment to ensure security of data and also availability of data when required.

We will take all necessary measures to ensure that your Personal Data is safe, however, you are also required to ensure that access codes, PINs, passwords, usernames, and all other information or hints that may enable third party access to your accounts on our Platforms are secure. We therefore strongly advise you to keep such information secure and confidential. If you use a third party’s device (laptops, phones, public internet, etc.) to access your account, kindly ensure that you always log out. Kindly note however that some devices are programmed to save passwords or usernames, as such, we therefore advise that you use third party devices with extreme caution. If you believe that an unauthorized person has accessed your account information, please contact us immediately.

PROCESSING YOUR PERSONAL DATA

In order to execute our obligations to you or process your transactions, we may be required to process your Data, such as your name, identification number, account number, account ID, e-wallet account, contact details, shipping and billing address, or other information needed to complete the transaction. We also work with third parties, including financial institutions, vendors, service providers, government agencies who facilitate transactions or services executed on our Platforms. In the course of your engagement with us or use of our services and Platforms, we may share your information with different stakeholders, including but not limited to financial institutions, partners, service providers, government agencies, credit bureaus and collection agencies to report account or credit information, affiliates of QoreID; regulatory or judicial authorities, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to QoreID. Please note that the parties mentioned above may be within or outside Nigeria.

We may also process your Personal Data when we believe, in our sole discretion, that the disclosure of your Personal Data is necessary to comply with applicable laws and judicial/regulatory orders, conduct investigations, manage existing or imminent risks, prevent fraud, crime or financial loss, or for public safety or to report suspected illegal activity or to investigate violations of our Terms of Use.

In all cases, we will ensure that your Personal Data is safe and strictly processed only when necessary, and we will notify the receiving party of the confidential nature of your Personal Data, particularly the need to maintain the confidentiality of same and prevent unlawful or unauthorised usage.

YOUR RIGHTS

You have the following rights regarding your Personal Data collected by us:

1. Right to access your Personal Data being held by us.
2. Right to request that your Personal Data be made available to you in an electronic format or that it should be sent to a third party (Kindly note that we have the right to decline such request if it is too frequent, unreasonable, and likely to cause substantial cost to us. In any event, we will communicate the reason for our refusal);
3. Right to rectify any inaccurate, incomplete information. As such, if you discover any inaccuracy in your Personal Data, kindly notify us promptly and provide us with documentary evidence to enable us to update the requisite changes;
4. Right to withdraw consent for the processing of your Data, provided that such withdrawal shall not invalidate any processing previously done based on the consent previously given by you;
5. Right to restrict or object to the processing of your personal Data. Kindly note that this right will not apply if we are compelled to process your Personal Data where required by any law, regulatory authorities, or court of law;
6. Right to request that your Personal Data be deleted. We may however continue to retain the Personal Data where required by law, contract, regulatory authorities, or court of law.
7. Right to data portability;
8. Right to lodge complaints with relevant authorities;
9. Right to information regarding the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing;

SOFTWARE

If you download or use our software, such as a stand-alone software product, an app, or a browser plugin, you agree that from time to time, the software may download and install upgrades, updates and additional features from us to improve, enhance, and further develop the software.

CROSS BORDER DATA TRANSFER POLICY

While providing our services and in a bid to serve you better, we may be required to transfer your Personal Data (electronically or otherwise) across the borders of Nigeria. Nonetheless, we have an unwavering commitment to ethical and responsible practices in ensuring that your Personal Data is adequately protected regardless of where the Personal Data is transferred or hosted.

This Policy defines our global standards for management and protection of Personal Data by or on behalf of QoreID regardless of the country from which it originates or to which Personal Data may be transferred. This Policy will apply to any transfer of information which is undergoing processing or is intended for processing after transfer to a foreign country or to an international organisation.

We will only transfer Personal Data or allow it to be processed by third parties in a different jurisdiction if such country is listed under the NITDA Whitelist and has an adequate level of data protection as determined by the appropriate regulatory authority (that includes the National Data Technology Development Agency, Honourable Attorney General of the Federation, etc.) in accordance with the provisions of the Nigeria Data Protection Regulation or any other privacy laws in force.

In the absence of any decision by the appropriate regulatory authority as to the adequacy of safeguards in a foreign country to which your Personal Data may be transferred, we will only transfer your Personal Data to a foreign country or an international organisation only if any of the following requirements have been met:

1. Your explicit consent has been obtained (Please note that such foreign country or international organisation may have privacy laws or policies less stringent that Nigerian privacy regulation or laws. However, we will ensure that the recipient of such Personal Data undertakes to protect your Data and handle it with utmost confidentiality and in accordance with the standards imposed by the NDPR);
2. The transfer is necessary for the performance of a contract between you and QoreID or the implementation of pre-contractual measures taken at your request;
3. The transfer is necessary for the conclusion or performance of a contract concluded in your interest;
4. The transfer is necessary for public interest;
5. The transfer is necessary for the establishment, exercise or defence of legal claims; and
6. The transfer is necessary in order to protect your vital interests or of other persons, where you are physically or legally incapable of giving consent.

In order to ensure that any cross-border transfer of your Personal Data is adequately protected, we may:

1. conduct privacy due diligence to evaluate the privacy practices and risks associated with third parties in a foreign country.
2. obtain contractual assurances from those third parties that:
   • they will process your Personal Data pursuant only to QoreID’s instructions, and in accordance with our Privacy Policy;
   • that they will notify QoreID promptly of any data breach, including any inability to comply with the standards set forth in this Policy and applicable laws; and
   • they will not engage another organisation to process your Data without putting in place an agreement imposing equivalent data protection standards.
3. ensure that in processing your Personal Data, that we will, where necessary, ensure that it is anonymized, and we will obtain written assurances from any third parties that they will only use the Personal Data for the legal purpose for which it was provided, and in accordance with applicable laws;
4. where required, register the processing of your Personal Data with or seek the approval of the applicable privacy or data protection regulatory authority;
5. limit data retention periods for your Personal Data
6. disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

COOKIE POLICY

Cookies are small pieces of data, stored in text files, that are stored on your computer or other device when websites are loaded in a browser, and which collects information about user actions on a site.

When you access our Platforms, we may place small data files on your computer or other device. These data files may be cookies, pixel tags, flash cookies, or other local storage provided by your browser or associated applications (collectively referred to as “cookies"). These technologies are used to recognize users as customers; customize services, content, and advertising; measure promotional effectiveness; help ensure that account security is not compromised; mitigate risk and prevent fraud; and to promote trust and safety on our Platform. We also use cookies to collect and use Personal Data as part of our services, recognize your browser or device, learn more about your interests, and provide you with essential features and services.

This Policy applies to our websites and Platforms alone. We do not exercise control over the sites displayed or linked from within our various services. These other sites may place their own cookies or other files on your computer, collect Data or solicit personal Data from you.

WHAT TYPE OF COOKIES DO WE USE?

Temporary cookies: This is also known as 'session cookies'; it helps our sites and platforms to recognize users, temporary memorize their online activities and the information provided when they navigate through a website. Session cookies only retain information about your activities for as long as you are on the website. Once the web browser is closed, the cookies are automatically deleted.

Permanent cookies: This is also known as 'persistent cookies' or ‘first-party cookies’; they remain in operation even after the web browser has closed. It helps our sites or Platforms remember your information, preferences and settings such as language selection and internal bookmarks for when you revisit in the future.

WHY DO WE USE COOKIES?

Cookies store helpful information to enhance users’ experiences on our Platforms, and possibly to improve our ability to reconnect with you later. They are used to remember you and your preferences such as your preferred language, device settings, browsing activities and other useful information, help you navigate between pages efficiently, and generally improve your experience in using our services.

These cookies may be used as follows:

1. Authentication: We use cookies and similar technologies to recognize you when you visit our site. If you are signed into our website or mobile app, it helps us show you the right information and personalize your experience in line with your settings. Cookies also enables us to identify you and verify your account.
2. Security: We use cookies to make your interactions with our services and Platforms faster and more secure. For example, we use cookies to enable and support our security features, keep your account safe and to help us detect malicious activity and violations of our Terms of Use.
3. Preferences, features and services: We use cookies to enable the functionality of our Services, such as helping you to fill out forms on our Services easily and providing you with features, insights and customized content. We also use it to remember information about your activities on our Platforms, and your preferences.
4. Performance, Analytics and Research: Cookies help us learn more about how well our services perform in different locations. We use cookies to determine and measure performance and to learn whether you have interacted with our websites, content or emails and provide analytics based on those interactions.

WHERE WE PLACE COOKIES

We set cookies in a number of different locations across our services. These locations may include:

1. Our website, and other Platforms;
2. Our mobile applications;
3. E-mails (We may use cookies in some of our emails to enable us to understand how you interact with our emails. It also helps us to improve our future email communications with you. Depending on your email or browser settings, cookies in our emails may be automatically accepted.)

CONTROLLING COOKIES

We will always ask for your consent to accept the use of cookies on your device. You can freely decline our cookies, not use our Platforms or through clearing your cookies in your browser settings. Cookies are optional unless they are required to prevent fraud or ensure the operation and security of our Platforms. You may also configure your specific browser or email settings to automatically reject cookies. You may also erase cookies stored on your device through your browser settings or by deleting the folder or file where they are stored on your device.

Declining our cookies may affect your ability to fully utilize of our Platform and services. Without cookies you may not have access to certain features on the site, including access to certain personalized content.

QoreID may revise this Cookies Policy to reflect changes in the law, our data collection and use practices, the features of our site, or advancements in technology. If we make any material changes, we will notify you by email or through a prominent notice on our sites/platforms prior to such change.

THIRD PARTY CONTRACT & SERVICE PROVIDERS DATA POLICY

Data transfer to third parties

We may share your personal Data with our service providers, financial institutions, vendors, affiliates, subsidiaries, parent company, contractors, government agencies etc. to assist us in providing, delivering, analysing, administering, improving, and personalizing content that are delivered to you as part of our services. These include third parties who assist us in performing, delivering, or enhancing certain products and services related to the delivery and operation of our services; or who provide technical and/or customer support on our behalf; or who provide application or software development and quality assurance; or who provide verification functions, who process transactions and payment requests, research on user demographics, interests, and behaviour, and other products or services. These third-party service providers may also collect personal information about or from you in performing their services and/or functions on our website or Platforms. We may also pass certain requests from you or your organization to these third-party service providers. Regardless of the third-party involved, any disclosure shall only be for a lawful purpose.

Data transfer for the purpose of legal/regulatory compliance

We may from to time be required to share your personal data with a regulator, law enforcement body, government agency, court or other third party to (i) comply with the law; (ii) enforce the terms of a contract; and (iii) protect the rights, property, or safety of QoreID or the public.

Links to third-party websites or services

This Policy only applies to Personal Data collected by our Platforms or which we transfer in the course of our services to you. Our Platforms may contain links to other websites or services that are not owned or controlled by us, including links to websites of financial or technical partners, financial institutions, vendors, advertisers, sponsors, partners, service providers, who at one point or the other facilitate transactions executed on our Platforms.

We have no control over these third-party websites, and your use of third-party websites and features are subject to the privacy policies of those websites or platforms. We are not responsible or liable for the privacy or business practices of any third-party websites linked to our site or third-party social media feature or functionality displayed on our site, including, but not limited to Facebook, LinkedIn, Twitter, etc. Your use of third-party websites linked to our sites is at your own risk, therefore, we encourage you to read the privacy policies of any linked third-party websites or platform you access through or outside our sites or platforms. If you are dissatisfied with the privacy policy or data protection standard of such third party, you are at liberty to exit our Platform. QoreID will not be responsible for any damage, loss or liability caused to you on those third-party sites or platforms.

Security of shared information

We will not share your Personal Data with any third party until we obtain an undertaking (implicit or explicit) that they will take appropriate steps to implement appropriate security measures by themselves, their employees, officers, affiliates, and sub-processors to protect your Personal Data and prevent unauthorised disclosure or loss. We will also ensure that such third parties commit themselves to the statutory and contractual obligation of confidentiality, as may be stipulated in a non-disclosure agreement, privacy policy, confidentiality clauses, etc. We will also obtain an undertaking that such third party will comply with the Nigerian Data Protection Regulations, 2019, and other applicable data protections laws in force, and that it will under no circumstances use your Data for any unlawful purpose or purpose other than that for which the Data was disclosed.

QoreID will from time to time monitor and review the conduct or activities of these third parties to ensure that they are compliant with the confidentiality obligations imposed on them.

EXCEPTIONS

Please note that this Privacy Policy does not apply to Personal Data that is already in the public domain through no fault of ours.

VIOLATION

If you violate the terms of this Policy, or otherwise create risk or possible legal exposure for us or attempt to violate the privacy rights of QoreID and/or its other users, we reserve to restrict your access to our Platforms. We will notify you if we are constrained to take such decision.

DISPUTE RESOLUTION

We are dedicated to ensuring that you are satisfied with our management of your Personal Data. However, in the unlikely event that you have a complaint, please contact us via the details below, stating your name and details of your complaint. Upon receipt of your complaint, we will endeavor to contact you within 2 (two) working days with a view to amicably resolving such dispute within the shortest possible time. The foregoing notwithstanding, all disputes arising from this policy shall first be resolved by negotiation. However, if parties fail to resolve the disputes amicably by such mutual consultations, parties shall further attempt to resolve the dispute by mediation at the Lagos Multi-Door Courthouse, Lagos State, Nigeria.

CONTACT US

If you have questions regarding your data privacy rights or would like to submit a related data privacy right request, kindly contact us via the information below:

The Data Protection Officer
Verify Me Nigeria Limited
1st floor, Cashcraft building
270 Murtala Muhammed Way
Alagomeji. Yaba, Lagos.
Phone number: 07037735035
Email address: [email protected]

Please allow up to 2 (two) working days for a response. The Company reserves the right to charge a reasonable fee to process complex, excessive or repeated requests.

AMENDMENT

We may amend or revise this Policy at any time by posting a revised version on our website. Notice of the amendment will be posted on our website and the revised version will be effective from the date of publication. Kindly note that your continued use of our Platform after the publication of the revised version constitutes your acceptance of our amended terms of the Policy.