PRIVACY POLICY
INTRODUCTION
Page International Finance Company Limited (“we”, “us”, “our”) is committed to protecting your fundamental right to privacy as guaranteed under Section 37 of the Constitution of the Federal Republic of Nigeria 1999 (as amended).
We recognize that any information relating to an identified or identifiable individual constitutes Personal Data. This includes information that directly identifies you, such as your name, as well as information that may not directly identify you but can reasonably be used to do so, such as device identifiers, online activity, or financial records.
As a Data Controller, we determine the purposes for which, and the manner in which, Personal Data is collected, processed, stored, used, and disclosed.
This Privacy Policy explains how we handle Personal Data when you interact with us through our websites, mobile applications, customer service channels, physical offices, or any other engagement point. It applies to all customers, prospective customers, partners, and users of our services.
All processing of Personal Data is carried out in accordance with the Nigeria Data Protection Act 2023 (NDPA), applicable regulations, guidelines, and directives issued by the Nigeria Data Protection Commission (“NDPC”), and other applicable laws and regulations governing financial institutions in Nigeria (collectively referred to as “Applicable Laws”).
We encourage you to read this Privacy Policy carefully to understand how we protect your Personal Data and your rights in relation to it.
Your consent
By accessing our platforms, using our services, submitting an application, or clicking an acceptance button where applicable, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your Personal Data in accordance with Applicable Laws.
You may withdraw your consent at any time. However, withdrawal of consent shall not affect the lawfulness of processing carried out before withdrawal and may limit our ability to provide certain services where another lawful basis for processing exists.
DEFINITION OF PERSONAL DATA
Personal Data refers to any information relating to an identified or identifiable natural person, including but not limited to:
- names and contact details;
- identification numbers and government-issued IDs;
- financial and banking information;
- loan and credit records;
- online identifiers such as IP addresses;
- device information;
- location data;
- behavioural and usage data;
- biometric or verification information where applicable.
LAWFUL BASIS FOR PROCESSING
We process Personal Data only where there is a valid lawful basis, depending on the specific purpose of processing. Accordingly, processing may be carried out where:
- you have given clear, specific, and informed consent;
- processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract;
- processing is required to comply with legal or regulatory obligations;
- processing is necessary to protect your vital interests or those of another natural person;
- processing is necessary for the performance of a task carried out in the public interest; or
- processing is necessary for our legitimate business interests or those of a third party, provided such interests do not override your fundamental rights and freedoms and are consistent with your reasonable expectations.
TYPES OF PERSONAL DATA WE COLLECT
We may collect and process the following categories of Personal Data:
a. Information you provide directly
- personal and contact information;
- identification documents;
- financial and employment information;
- loan application details;
- correspondence and customer support communications.
b. Information obtained from third parties
- credit bureaus and credit reference agencies;
- financial institutions and partners;
- identity verification service providers;
- regulatory and government databases where permitted by law.
c. Information collected automatically
- IP address and device identifiers;
- browser type and operating system;
- usage data from our websites and applications;
- cookies and similar tracking technologies.
CHILDREN’S PRIVACY
Our services are not directed at persons under the age of 18 years unless otherwise permitted by law or with verifiable parental or guardian consent.
We do not knowingly collect or process Personal Data relating to minors without appropriate legal basis and safeguards. Where we become aware that Personal Data relating to a minor has been collected without appropriate authorization, we shall take steps to delete such information promptly.
COOKIES AND TRACKING TECHNOLOGIES
We use cookies, web beacons, analytics tools, and similar technologies to enhance user experience, improve platform functionality, analyze usage trends, and support security and fraud prevention measures.
Cookies may include:
- strictly necessary cookies;
- performance and analytics cookies;
- functionality cookies; and
- marketing cookies where applicable.
You may control or disable cookies through your browser or device settings. However, disabling certain cookies may affect the functionality of our platforms and services.
PURPOSES OF PROCESSING PERSONAL DATA
We process Personal Data for the following purposes:
- to verify your identity;
- to assess eligibility for financial products and services;
- to process loan applications and manage customer accounts;
- to perform contractual obligations;
- to detect and prevent fraud, money laundering, and other financial crimes;
- to comply with regulatory, legal, and reporting obligations;
- to communicate with you regarding your account or services;
- to improve our products, services, and user experience;
- to conduct analytics, research, and business planning;
- to send marketing and promotional communications where permitted by law.
Financial Regulatory Processing
As a regulated finance company, we may process Personal Data for purposes connected with:
- Know Your Customer (KYC) verification;
- Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT) compliance;
- creditworthiness assessment and credit reporting;
- fraud prevention and transaction monitoring;
- regulatory reporting obligations;
- compliance with directives issued by the Central Bank of Nigeria (CBN), credit bureaus, law enforcement agencies, tax authorities, and other competent authorities.
Such processing may be carried out without additional consent where required or authorized by law.
Marketing Communications
We may send you service-related notices, product updates, promotional materials, and marketing communications where permitted by law or based on your consent or our legitimate interests.
You may opt out of marketing communications at any time by following the unsubscribe instructions included in such communications or by contacting us directly.
Opting out of marketing communications shall not affect transactional or service-related communications necessary for the administration of your account or services.
Automated Decision-Making and Profiling
We may use automated decision-making systems, including profiling, particularly in relation to credit assessment, fraud detection, and risk management.
Where such processing significantly affects you, you have the right to:
- request human intervention;
- express your point of view;
- challenge the decision; and
- obtain meaningful information about the logic involved and the consequences of such processing.
Disclosure of Personal Data
We may disclose Personal Data to:
- our employees and authorized personnel;
- service providers and vendors acting on our instructions;
- credit bureaus and financial partners;
- professional advisers such as auditors and legal consultants;
- regulatory authorities, courts, and law enforcement agencies;
- third parties where required by law or with your consent.
All third parties are required to implement appropriate data protection and confidentiality measures.
Third-Party Processors and Service Providers
Where we engage third-party service providers to process Personal Data on our behalf, such processing shall be governed by written agreements requiring confidentiality, security safeguards, lawful processing obligations, and compliance with the Nigeria Data Protection Act 2023 and applicable regulations.
We undertake reasonable due diligence in selecting service providers and may periodically review their compliance with applicable data protection obligations.
Cross-Border Data Transfers
Personal Data may be processed or stored outside Nigeria, including on cloud-based platforms.
Where cross-border transfers occur, we ensure that:
- the recipient country has adequate data protection laws; or
- appropriate safeguards, such as contractual protections, are in place.
We take reasonable steps to mitigate risks associated with international data transfers.
Data Security
We implement appropriate technical and organizational measures to protect Personal Data against loss, misuse, unauthorized access, alteration, or disclosure. These measures include:
- encryption of data in transit and at rest;
- access controls and authentication mechanisms;
- firewalls and intrusion detection systems;
- regular system monitoring and security testing;
- employee training on data protection obligations.
While we implement reasonable administrative, technical, and organizational safeguards to protect Personal Data, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure. Accordingly, we cannot guarantee absolute security of Personal Data.
Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, accounting, tax, audit, and operational obligations.
Retention periods may vary depending on the nature of the Personal Data and applicable legal requirements. For example:
- customer identification and KYC records may be retained in accordance with applicable AML/CFT regulations;
- financial and loan records may be retained for regulatory, audit, dispute resolution, and contractual purposes;
- marketing data may be retained until consent is withdrawn or objection is received.
Upon expiration of the applicable retention period, Personal Data shall be securely deleted, anonymized, archived, or otherwise disposed of in accordance with Applicable Laws and internal retention policies.
Your Rights as a Data Subject
At any point while we are in possession of or processing your Personal Data, you have the following rights:
- to withdraw your consent at any time;
- to request access to a copy of the information we hold about you in a commonly structured format;
- to correct inaccurate or incomplete Personal Data;
- to request erasure of Personal Data where applicable;
- to restrict processing activities relating to your Personal Data;
- to request transfer of your Personal Data to another organisation where applicable;
- to object to certain types of processing such as direct marketing;
- to object to automated processing, including profiling;
- to lodge a complaint with the Nigeria Data Protection Commission where you believe your rights have been violated.
Data Subject Request Procedure
Requests relating to access, correction, restriction, portability, objection, withdrawal of consent, or deletion of Personal Data may be submitted through the contact details provided in this Privacy Policy.
We may request sufficient information to verify the identity of the requester before processing any request.
Subject to applicable laws and regulatory obligations, we shall respond to legitimate requests within the timelines prescribed under applicable data protection laws.
Certain requests may be declined where retention or processing is required by law, regulatory obligations, fraud prevention requirements, contractual necessity, or the establishment, exercise, or defence of legal claims.
CCTV, Fraud Monitoring, and Security Surveillance
We may operate CCTV systems, fraud monitoring tools, call recording systems, and other security technologies at our offices, branches, digital platforms, and service channels for purposes including security, fraud prevention, regulatory compliance, dispute resolution, employee safety, and service quality assurance.
Data Breach Management
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, Page International Finance Company Limited shall, within 72 (Seventy-Two) hours of becoming aware of such breach, report the details of the breach to the Nigeria Data Protection Commission where required under Applicable Laws.
Where we determine that such breach is likely to result in a risk to your rights and freedoms, we shall notify affected individuals as soon as reasonably practicable and provide information regarding the nature of the breach, likely consequences, and measures taken or proposed to mitigate the impact.
Data Protection Officer
For questions, requests, or complaints relating to this Privacy Policy or our data processing practices, you may contact:
Data Protection Officer
Email: bnwanorue@pagefinancials.com
Whistleblowing and Ethics Reporting
Email: whistleblowing@pagefinancials.com
Internal Complaint Resolution
If you have concerns regarding our handling of your Personal Data, we encourage you to contact us first to enable us to investigate and attempt to resolve the issue internally before escalating the matter to the Nigeria Data Protection Commission or any other authority.
Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of the Federal Republic of Nigeria.
Any dispute arising from or relating to this Privacy Policy, the processing of Personal Data, or the exercise of data protection rights shall be subject to the jurisdiction of the competent courts of Nigeria and the oversight powers of the Nigeria Data Protection Commission.
Relationship with Other Policies
This Privacy Policy should be read together with our Terms and Conditions, Cookie Policy, and any other applicable notices or agreements governing the use of our products, services, websites, or applications.
Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, regulatory requirements, or our operations. Updates will be communicated through our website or other appropriate channels.
Contact and Regulatory Authority
If you have concerns about how your Personal Data is handled, you may also contact:
Nigeria Data Protection Commission
Website: NDPC Official Website
Email: info@ndpc.gov.ng