Privacy Policy

PREAMBLE

PREAMBLE

Ultraviolet Microfinance Bank Limited is committed to protecting the privacy and security of personal data entrusted to it by its customers. This Privacy Policy describes the privacy rights of all persons (‘Data Subjects’), who interact with us on or through our website and/or mobile app (‘the Platforms’), and our approach to safeguarding those privacy rights as well as ensuring compliance with relevant data protection laws and regulations, including but not limited to the Constitution of the Federal Republic of Nigeria 1999, (as amended) and the Nigeria Data Protection Act, 2023.

This Privacy Policy is designed to be read in connection with the Platforms’ Terms of Use. By accessing or using our Platforms, you hereby agree with the method of collection, use, disclosure and processing of your Personal Information as described in this Privacy Policy and the Terms of Use.

The “Services” refer to the use of any of the financial services or products on any of the Platforms. “User,” “customer,” or “subscriber,” refers to consumers of the Services or anybody who interacts with any of our Platforms. “Personal Information,” or “Personal Data,” or “Data” means any information that identifies or can be used to identify a User, directly or indirectly, including, but not limited to name, email address, mobile number, photograph, bank details or IP address.

GUIDING PRINCIPLES

In processing personal data, we adhere strictly to the principles stipulated under the NDPA and ensure that-

• Data shall be collected and processed for a specific, legitimate, and lawful purpose, which shall be consented to by the User before collection and processing.
• Data may be further processed for archiving, scientific research, historical research, and statistical purposes for the public interest without obtaining the consent of the User.
• Data collection and processing shall be adequate, accurate, and with consideration for the dignity of the human person.
• Data shall only be stored for the period that is reasonably needed and as required by the relevant and applicable laws.
• Data shall be secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, and manipulations of any kind.

USER OBLIGATION

• If you have created a username, identification code, password or any other piece of information as part of our access security measures, you must treat such information as confidential, and you must not disclose it to any third party. We reserve the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of these Conditions. If you know or suspect that anyone other than you know your security details, you must promptly notify us via any of the communication means.
• We use commercially reasonable efforts to ensure that Personal Information as provided by Users are accurate for the identified purposes. It is your responsibility to ensure that the information you provide is accurate for the intended purpose, and to inform us, in good time, of any changes to your Personal Information.
• In order to verify the information provided by the User, we may request you to provide copies of documents related to your Personal Information including but not limited to an official ID Card, bank verification number, etc.

USER RIGHTS

Your rights in relation to Your Personal Data are as follows:

• the right to have access to Your Personal Data;
• the right to be informed about the processing of Your Personal Data;
• the right to rectify any inaccurate Personal Data or any information about You;
• the right to review, modify or erase Your Personal Data and any other information we have about You;
• the right to restrict the processing of Your Personal Data;
• the right to block Personal Data processing in violation of any law;
• the right to be informed about any rectification or erasure of Personal Data or restriction of any processing carried out;
• the right to the portability of Your Personal Data; and
• the right to lodge a complaint to a supervisory authority within Nigeria.

CONSENT

• By continuing to use the Platforms, you acknowledge and agree that you have carefully read, understood and consented to the terms of use and this privacy policy. If you do not consent to the use of your personal data as described in this Policy, please do not use the Platforms.
• We reserve the right to amend this Privacy Policy at any time and when we do, the updated version will be posted here so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it.
• By continuing to access and use the Services, you are deemed to have accepted the changes to the provisions of this Privacy Policy.
• You reserve the right to withdraw your consent for the collection, use, storage and disclosure of your personal data at any time by sending an email to info@ultravioletmfb.com or using the ‘Call Us’ details on our website https://ultravioletmfb.com/. Please note that, withdrawal of consent may limit your ability to use the Platforms.
• If you provide the Personal Information of any third party on the Platforms, we assume that you have obtained the required consent from the relevant third party to share and transfer his/her Personal Information to us.
• You may choose not to provide certain information, but that may limit your ability to use some features on the Platforms.
• You may also opt-out of receiving promotional communications from us by following the instructions provided in those communications.

DATA COLLECTION

The Bank collects and uses any information you supply when you interact with the Platforms, and share personal details like your name, Bank Verification Number (BVN), Valid Identification, address and picture. By using the Platforms to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your camera. We collect personal data through-

Usage Data: When you sign up for any of the Services on the Platforms, pay for a subscription, consult with our customer service team, send us an email, post on our blog or communicate with us in any way, you are voluntarily giving us information that we process, including, but not limited to; name, username, email address, mobile number, IP address, credit/debit card information, bank information, and purchase history. By submitting this information, you consent to its’ collection, usage, disclosure, and storage by us, as described in our Terms of Use and in this Privacy Policy.

Automatically Collected Data: When you use the Services or browse any of our Platforms, we may collect information about your visit, your usage of the Services, and/or your web browsing; which may include your IP address, operating system, device type, , browser ID, browsing activity, and other information about how you interacted with our Site or Mobile Applications. We may collect this information as a part of log files or through the use of cookies or other tracking technologies.

Mobile Application Data: When you use our Mobile Application, we may collect certain information in addition to information described elsewhere in this Policy. For example, the type of device and operating system you use. We may ask you if you want to receive push notifications. If you have opted in to these notifications and no longer wish to receive them, you may turn them off through your device’s operating system. We may use mobile analytics software to better understand how people use our application. We also collect information about how often you use the application and other performance data.

Cookies: We collect certain information from the User’s browser using small data files called “cookies”. The Platform may use session cookies to help recognize a User who visits multiple pages during the same session so that  you do not have to enter a password to access each page. Session cookies terminate once  you close the browser. We also use persistent cookies to collect, store, and track information. The Platform uses persistent cookies to store the User’s login ID (but not the User’s password) to make it easier for you to log in when the you return to the Platform. Cookies cannot read data off your hard disk or read cookie files created by other sites. Use of a cookie is in no way linked to any personally identifiable information while on the Platforms. Once you close your browser, the cookie simply terminates.

You may choose to accept or refuse cookies by changing the settings of your browser. You may also reset your browser to refuse all cookies or allow your browser to show you when a cookie is being sent. Rejecting the cookies on the Platforms, may limit you to minimal functionality. We use strictly necessary cookies, analytical/performance, functionality and targeting/advertising cookies on the Platforms. These cookies may allow:

• us remember any of the features and services you use such as savings, fixed deposit, bill payment, tap and pay amongst others.
• us to remember choices you make to improve your experience (such as your username, age classification etc.);
• third party advertising companies to display advertisement more relevant to you and your interests. As part of their services, they will place a separate cookie on your computer to help them precisely target advertising to you. These third-party advertising companies do not collect personally identifiable information; and
• us and/or third-party partners collect anonymous information including but not limited to performance and website improvement. This may include web analytics, error management and testing designs. You can find out more about cookies at this site:

WHY WE COLLECT PERSONAL INFORMATION

We collect Personal Information for the following reasons: 

For Promotional Purposes: This includes sending you emails relating to the benefits of a product, service, brand or issue. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send, or by adjusting your marketing preferences in your profile.

For Billing Purposes: This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.

To Provide and Improve Our Services: This includes, for example, aggregating information from your use of the Services or visit to our Platforms and sharing this information with third parties to improve our Services. This might also include sharing your information with third parties in order to provide and support our Services. When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this policy.

For Account Support Communication: For example, we may inform you of subscription payment successes or failures, password reset attempts, and other support-related functions.

For Platform Alerts: We may inform you of temporary or permanent changes to our Services, such as price changes, planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy.

For Legal Purposes: for the purpose of, complying with court orders, valid discovery requests, valid subpoenas, to prosecute and/or defend in court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.

For Transfer Purposes: In the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our website.

LIMITATIONS TO DATA COLLECTION

The Bank may limit its collection of Personal Information to the extent that the information is unnecessary for the identified purposes. We do not knowingly collect nor do we direct our Platforms to collect any Personal Information from persons under the age of eighteen (18) years. Consequently, the Bank shall not be liable for any use or processing of Personal Information of persons under the age of 18.

DISCLOSURE/SHARING OF PERSONAL INFORMATION

We provide such necessary information to our subsidiaries, affiliated companies, or other trusted third-party service providers or persons for the purpose of processing personal information on our behalf, including validating user credentials, securing data storage, marketing, customer service, fraud detection, and other applicable services The Bank will only disclose your Personal Information:

• to its employees, independent contractors, subsidiaries, affiliates, consultants, business associates, service providers, suppliers and agents, acting on its behalf for any of the identified purposes provided that the disclosure will be on the condition that adequate steps will be taken to protect the personal information so disclosed;
• if it has reason to believe that disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with the Bank’s rights or property, other users of the Platforms, the Services, or anyone else that could be harmed by such activities;
• in the event of business transfers which may occur when we sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets; and
• to respond to judicial process and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law.

DATA RETENTION

We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. If your account becomes inactive (that is, if you request to be removed from the Bank’s database), we will keep your Personal Information in our archives for the duration required by law. Your information will be used only as necessary for tax reasons or to prove the Bank’s compliance with any applicable law.

DATA CONFIDENTIALITY RIGHTS

(Reporting Personal Data Breach)

We are legally bound by the Nigeria Data Protection Act 2023 (“NDPA”) and other relevant laws and regulations to report data breaches and any risk to the rights and freedoms of a User. Where a personal data breach results in a high risk to a User, the User will be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialise, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the User directly. In the latter circumstances, a public communication must be made, or an equally effective alternative measure must be adopted to inform such a User, so that he/she can take any necessary remedial action.

DATA TRANSFER

We will only transfer Personal Information outside the country upon compliance with the provisions of any applicable law in relation to transfer of Personal Information outside Nigeria. BVN data shall be stored within Nigeria and shall not be routed across borders without the consent of the Central Bank of Nigeria (CBN).

DATA STORAGE

All Personal Information you provide to us is stored on our secured servers as well as secured physical locations and cloud infrastructure (where applicable) for the purposes of providing seamless services to you, including but not limited to ensuring business continuity. The data that we collect from you may be transferred to or stored in cloud locations at globally accepted vendors’ data center.

DATA SECURITY

The Bank has implemented physical, technical, and procedural safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. We use computer safeguards such as firewalls and endpoint protection, data encryption, and restricted and authorized access to personally identifiable information for those employees, contractors, and agents who require it to fulfill their job responsibilities. The Bank will securely destroy your Personal Information when it is no longer needed for any legal or business purpose.

Your password is the key to your account. Please use unique numbers, letters and special characters, and do not share your password to anyone. If you do, you will be responsible for all actions taken in the name of your account and the consequences. If you lose control of your password, you may lose substantial control over your Personal Information and other information submitted to us. You could also be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason or if you have grounds to believe that your password has been compromised, you should immediately contact us and change your password.

As a safety measure, you are required to log off from your account and close the browser after using a shared computer. Should a security breach occur, the Bank will notify all affected customers as soon as is reasonably possible and later file a report with the appropriate authorities on the actions we took if the need arises.

THIRD-PARTY WEBSITES AND LINKS

Our Platforms may contain links to third party websites (“Linked Websites”). This Privacy Policy does not cover collection or use of information by Linked Websites. We are not responsible for the privacy practices of Linked Websites. If you have questions about the privacy policies or practices of a Linked Website; you should contact the web administrator of the site directly.

PRIVACY POLICY CHANGES

We may make changes to this Privacy Policy from time to time, and for any reason. You are advised to consult this privacy policy regularly for any changes, as we deem your continued use, following posting of any amendment, modification or change, approval of all changes and consent. The revised version will be effective at the time we post it.

CONTACT US

If you have questions regarding your data privacy rights or would like to submit a related data privacy right request, or if you have general questions concerning this Privacy Policy, please contact us at:

• Ultraviolet Microfinance Bank Limited, No 9, Dunukofia  Street, Area 11,  Garki  Abuja, Nigeria.• info@ultravioletmfb.com

This policy was last updated on 8th April, 2025.