Conditions for processing personal data

Baobab Nigeria Personnel or any third party acting on its behalf shall only process your personal data if at least one of these conditions are satisfied:

• Consent: this refers to any freely given, specific, informed and unambiguous indication through a statement or a clear affirmative action that signifies your agreement to the processing of your Personal Data by Baobab Nigeria. The Bank shall not seek consent that may engender direct or indirect propagation of atrocities, hate, criminal acts and anti-social conducts.
• Contract: where processing is necessary for the performance of a contract or entering into a contract at your request.
• Legal obligation: the processing is necessary for compliance with a legal obligation to which Baobab Nigeria is subject.
• Vital interest: the processing is necessary, to protect your vital interests or those of another natural person.
• Public interest: the processing is necessary for the performance of a task carried out in the interest of the public or the exercise of official authority vested in Baobab Nigeria.

How we use your personal data

To the extent permissible under applicable law, we may use your information for the following legitimate actions:

• Managing our relationships with you.
• Processing applications for products and services, effecting payments, transactions and completing instructions or requests.
• Providing products and services (including electronic banking services).
• Assessing suitability for products and services.
• Credit assessment, including conducting credit checks and setting credit limits.
• Processing Recruitment.
• Surveillance of premises.

The Bank has a legal or regulatory obligation to process your Personal data for some purposes in connection with the service you have requested. These purposes include:

• The prevention, detection, investigation and prosecution of crime in any jurisdiction (including, but not limited, money laundering, terrorism, fraud and other financial crime).
• Identity verification, government sanctions screening and due diligence checks.
• To comply with local or foreign law, regulations, directives, judgments or court orders, government sanctions or embargoes, reporting requirements under financial transactions legislation, and demands of any authority, regulator, tribunal, enforcement agency, or exchange body..

Cookies and Tracking Technologies

A “cookie” is a string of information that assigns you a unique identifier that is stored on your computer. Your browser provides that unique identifier to use each time you submit a query to the Site. We use cookies on the Site to, among other things, keep track of services you have used, record registration information, record your user preferences, keep you logged into the Site, facilitate purchase procedures, and track the pages you visit. Cookies help us understand how the Site is being used and improve your user experience.

The following types of cookies may be used when you visit the Site:

Advertising Cookies: Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to interest you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.

Analytics Cookies: Analytics cookies monitor how users reach the Site, how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.

Our Cookies: Our cookies are “first-party cookies”, and can either be permanent or temporary. These are necessary cookies, without which the Site won’t work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, the result of which may affect the functionality of the Site.

Personalization Cookies: Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, your settings and preferences each time you visit the Site.

Security Cookies

Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.

Site Management Cookies

Site management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser.

Third-Party Cookies

Third-party cookies may be placed on your computer when you visit the Site by companies that run certain services we offer. These cookies allow third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.

Control of Cookies

Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.

Other Tracking Technologies

In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve your experience. A “web beacon” or “pixel tag” are tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages, viewed emails, and are also used to acquire other statistical data. They collect only a limited set of data, such as cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined. However, you can limit their use by controlling the cookies that interact with them.

Users Right

The following are the rights you possess in respect to your Personal Data handled by the Bank:

• The right to request for access to your Personal Data where those requests are reasonable and permitted by law or regulation. Baobab Nigeria shall provide reasonable and accessible means for you to submit your requests.
• The right to request the Bank erase your Personal Data if it is no longer valid or necessary for the purposes for which it was collected or if it is incomplete or inaccurate.
• The right to rectify or amend inaccurate or incomplete Personal Data.
• The right to object to processing of your Personal Data by Baobab Nigeria if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation. For example, you have the right to object to Baobab Nigeria processing of your Personal Data for direct marketing purposes.
• The right to receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
• the right to lodge a complaint with the Supervisory Authority (NITDA) where you believe our processing of your data violates the requirements of the Nigeria Data Protection Regulation 2019 (NDPR).

Please note the following:

• That Baobab Nigeria may contact you to offer some products and services that may interest you. In circumstances you wish not to receive any such promotional messages or materials, you have the right to opt-out at any time by clicking the link to opt-out of by sending an email to customercareng@baobab.com.
• Upon discovery of any inaccuracies in your personal information with the Bank, please notify us promptly through our Contact Centre or the branch network nearest to you, and also support notification with required documentary evidence to enable the Bank update and/or implement such changes.

Data Collection Method

• Electronic Messages: We keep records of your interactions with us via electronic media (such as emails) in a secure manner while maintaining accuracy. When necessitated by legal or vital obligations, we archive these communications.
• Hard Copy Forms: We maintain accurate records of the information that you provide to us via hard copy forms in a secure manner. When necessitated by legal or vital obligations, we archive these communications.

Transfer of Personal Data

Personal data collected by Baobab Nigeria may be transferred within its various divisions or affiliated entities (with personnel who have a business need to know) as well as transferred to third party providers, with your consent. The following describes the various scenarios for which we may share your Personal Data with a third party:

• The prevention, detection, investigation and prosecution of crime in any jurisdiction (including, without limitation to money laundering, terrorism, fraud and other financial crime)
• Identity verification, government sanctions screening and due diligence checks
• To comply with local or foreign law, regulations, directives, judgments or court orders, government sanctions or embargoes, reporting requirements under financial transactions legislation, and demands of any authority, regulator, tribunal, enforcement agency, or exchange body.
• External Audit during our annual audit
• Credit Agencies
• Cross-border Data Transfer: Your Personal Data may be transferred to our Holding Office in Paris or IT Hub in Dakar, Senegal, in line with the permissible conditions defined by the NDPR. We will ensure that appropriate safeguards are in place to ensure the protection of your Personal Data being stored out of the country
• In the event of a merger, reorganization, acquisition or sale, the Bank may transfer any and all your personal information to the relevant third party
• Or any other reasonable circumstance that may require the Bank to share your information with concerned parties.

Children's Privacy

The privacy of Children is highly respected here at Baobab Nigeria, being the foundational reason that we do not knowingly collect children’s information (be it names, email addresses or other personally identifiable information), nor do we knowingly allow children under the age of 18 open an online account. The Bank does not and would not knowingly market to children with the same restriction.

How we ensure the protection of your personal data

We use appropriate measures such as regular system checks against hacking and phishing, periodic backup of data, user-access restriction & monitoring to keep your Personal Data confidential and secure.

Disclaimer

• Third-Party Sites and Services: Baobab Nigeria may offer or use third parties products or services, and our products, services, applications and websites may contain links to third-party websites, products and services. Information, third parties collect may include your contact details or location data, which is governed by their privacy policy and practices and we, therefore, encourage you to earn about those third parties privacy provisions. Baobab Nigeria shall not be liable for any breach of your privacy or confidentiality of your information on such third parties sites.
• Social Media Platforms: Baobab Nigeria may communicate and interface with several social media platform registered users (on Facebook, Instagram, YouTube and Twitter). Please note that the applicable social media platform privacy policies and terms of use govern any personal information you may have made available to users and all contents posted on such social media platforms, including but not limited to your pictures, profile, information or opinions. The review of this information to understand your rights and obligations regarding such content is strongly recommended.

Data Retention

Baobab Nigeria will retain and use Your Personal Information for as long as is necessary, in any case until the purpose of data collection is achieved and subject to any requirements to retain information in order to comply with any applicable law, regulation, professional requirements or standard, as well as, meet audit and business requirements, respond to queries and complaints and address disputes or claims that may arise.

Unretained data is destroyed securely when it is no longer required for the purpose for which it was collected.

In the event of breach

Baobab Nigeria takes reasonably practicable security measures to ensure your privacy. In the event of a privacy breach, The Bank shall report such breach to the relevant authority and if necessary, affected individuals of personal data breach within 72 hours of being aware of the breach (where the personal data breach will likely result in high risks to the freedoms and rights of the data subject). Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

Right to amend this privacy policy

Baobab Nigeria may, at any time, change or revise its practices and this Privacy Notice to reflect practices or development in our regulatory, legal and operation sphere. The amended version will be communicated via the various business communication channels, and shall come into force immediately. Such changes shall be automatically applicable to you.

Contact Information

If you have any questions, requests, comments or complaints about our Privacy Policy, please contact us at:ng.dataprotectionoffice@baobab.com You can contact and address your request to our Data Protection Officer (DPO) at 360, Muritala Mohammed Way, Yaba, Lagos State or please call 08188271061.