At Paysita, the privacy of our Data Subjects and their Personal Data is of utmost importance to us. And in line with our resolution, we have developed this Privacy Policy to explain your privacy rights, particularly regarding how we collect, process, retain, share and protect your Personal Data when you visit our website, premises or use our digital platforms (collectively, "the Platform" or "Services").
This Privacy Policy between Paysita Nigeria Limited ("Paysita") and you constitute our commitment to your continued privacy on all our platforms. It is designed to provide information regarding our privacy practices and help you understand how we handle your data, in full compliance with the provisions of the Nigeria Data Protection Act 2023 and other applicable data protection regulations.
1. ConsentWhen you access our platforms and give your consent upon such access, you accept this privacy policy;
in particular, as you use the services offered on our website and digital platform or visit any of our offices and submit your data for official or non-official purposes.
2. What Personal Data do we collect?
We collect Personal Data about you when you use the services offered on our website and digital platform, including the following:
Sign-up information: We will require your personal details such as Full Names, first name and last name, phone number, email address, password, Date of Birth and referral code (optional)
in line with regulation and in furtherance of our KYC computation processes as you use our services.
Transaction information: When you use our digital platform to send and receive money, make purchases from merchants, pay bills, deposit & withdraw cash,
we collect information about the transaction, as well as other associated information as necessary to offer and fulfil the service (like transaction receipt, account statement) that we are obliged to;
such as: the amount sent or received, amount paid for products or services, merchant information – including information about your device and geolocation.
Participant Personal Data: We collect Personal Data such as name and financial account information about the participant who is receiving money from (or sending money to) you,
when you send or receive money through the Services.
Image Information: We may collect your image (upload, storage, and use) information to support account opening, such as uploading your portrait.
We may also collect information from your images when you use our customer support to upload evidence such as statements and checks.
In addition, we may collect your image information in connection with regulatory KYC purposes.
Information from other sources: We may collect information from other sources, such as our social media platforms when you reach out to us to lodge a complaint about our services.
However, we will only ask for information relevant to the help required of us to you.
In addition, we also indirectly collect information from NIBSS, credit bureaus, NIMC, or other third-party KYC verification service providers.
Other information we collect related to your use of our website or Services:
We may collect additional information from or about you when you communicate with us, contact our customer support teams,
respond to a survey or use functionality offered by third-party service providers through our Platform.
For instance, when you initiate third-party applications through Paysita mobile application, with your prior consent,
your SMS may be collected and monitored to help third-party service providers reduce risks associated with your application through the relevant model/system to provide customized services.
When you apply for a job with us:
We may request Personal Data about your education, employment and state of health.
As part of your application, you will be asked to provide your express consent to our use of this information to assess your application
and any monitoring activities which may be required of us under applicable laws as an employer.
We may also carry out screening checks (including reference, background and criminal record checks).
We may exchange your Personal Data with academic institutions, recruiters, health maintenance organisations, law enforcement agencies, referees and your previous employers.
Without your Personal Data, we may not be able to process your application for positions with us.
We do not collect the information of minors:
If you are under the age of 18, you are not eligible to use the service offered on our digital platform.
3. How Do We Retain Personal Data?
We retain Personal Data in an identifiable format only for as long as required for our business purposes,
with specific reference to the service rendered to you, and to fulfil our legal or regulatory obligations.
Subject to applicable law, which might, from time to time, oblige us to retain your Personal Data for a certain period of time,
we will retain your Personal Data for as long as necessary to fulfil the purposes we collect it for,
including the purposes of satisfying any legal, accounting, or reporting obligations.
4. How Do We Process Personal Data?
We collect your personal data to provide you an efficient and secure customer experience.
We may process your Personal Data for the following reasons:
Provide services, including to:
Initiate a payment, send or request money, or pay a bill;
Authenticate your access to an account;
Communicate with you about your account;
Manage risk, fraud and abuse of our services and prevent you from fraud (by developing and adopting measures of verifying your identity).
Our risk and fraud tools use personal data, device information and geolocation from our Platform
that offers services to help detect and prevent fraud and abuse of the services.
Comply with our legal and regulatory obligations and to enforce the terms of our sites and services,
including to comply with all applicable laws and regulations.
Trail information breach and remediate such identified breaches.
Resolve disputes and troubleshoot problems.
With your prior consent:
Market Paysita products and services to you.
Use cookies to provide a targeted display, feature, service or offer to you.
To provide you with location-specific functionality like searching nearby agents if you authorize us to access your Geolocation information through the Services.
We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them.
Additionally, you can withdraw your consent at any time and free of charge.
5. Information Sharing and Tracking Disclosure
Paysita respects user privacy and handles Personal Data in line with applicable data protection laws and Apple platform privacy requirements. Personal Data collected through the application is used only for service delivery, compliance, and platform operations.
Tracking and App Privacy Transparency
Paysita does not track users across third-party apps, websites, or services for advertising purposes. The application does not link user data with third-party data brokers or external advertising networks. Where tracking becomes necessary in future updates, Paysita will request user permission through Apple App Tracking Transparency before collecting or sharing any data used for tracking.
If tracking features differ across supported platforms or regions, such differences will be disclosed within App Store Connect and documented in the Review Notes during submission.
Sharing Within Paysita Group
Personal Data may be shared with entities within the Paysita Group operating under equivalent internal data protection and security controls. This sharing supports service delivery, fraud prevention, risk management, policy enforcement, and system connectivity required for platform operations.
Service Providers Acting on Our Behalf
Paysita shares Personal Data with trusted third-party service providers performing services under contractual instruction. These services include identity verification, transaction processing, customer support, infrastructure hosting, security monitoring, and operational communications related to Paysita services. All service providers operate under confidentiality and data protection obligations.
Platform Functionality Providers
With user authorization, Personal Data may be shared with independent service providers integrated into the platform to complete requested services or transactions.
Financial Institution Partners
Personal Data may be shared with regulated financial institutions partnered with Paysita strictly for transaction processing, financial verification, compliance monitoring, and maintenance of accurate financial records. Data sharing remains limited to Paysita-related services unless expanded through user consent.
Transaction Participants
When users send or receive funds, certain Personal Data and account details are shared with transaction participants and their authorized service providers. This information supports payment completion, dispute resolution, fraud detection, and transaction security.
Legal and Regulatory Requirements
Paysita shares Personal Data where required or permitted by law, including situations involving regulatory compliance, lawful requests from government authorities, court orders, investigations of suspected illegal activity, enforcement of platform agreements, protection of legal rights, prevention of financial loss, audit obligations, or corporate restructuring activities such as mergers or acquisitions.
User Consent
Personal Data may also be shared where users provide clear consent or direct Paysita to disclose information for a specific purpose.
App Store Privacy Compliance
Paysita maintains accurate App Privacy Information within App Store Connect. Any future change involving tracking, data sharing practices, or regional functionality differences will be reflected in updated privacy disclosures prior to submission for review.
6. How We Use Cookies
Cookies are small files placed on your device’s browser that enable the website to identify your device as you view different pages.
Like most interactive websites, our website uses cookies to enable us track of your activity for the duration of a session.
Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser.
Session cookies do not collect information from your device.
They will typically store data in the form of a session identification that does not personally identify you.
Certain aspects of our website are only available through the use of cookies, so your use of our website may be limited or not possible if you choose to disable or decline cookies.
If you choose to decline the cookies, you may simply exit our website.
7. What Are Your Rights?
Requests to Access, Rectify or Erase.
Access Request
As permitted under law and applicable data privacy regulations, you have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form,
unless you want to receive it in any other way (for example, a paper copy).
In addition, you can ask us for information on how we use your Personal Data, who we share it with, how long we keep it, where it is stored,
and other information to help you understand how we use it.
Rectification Request
You have the right to ask us to correct your Personal Data (including by means of providing a supplementary statement) if it is inaccurate,
or update outdated or incomplete Personal Data without undue delay.
Where we cannot correct the Personal Data, we include a note on our files regarding your request to correct your Personal Data.
Erasure Request
You have the right to ask us to erase your Personal Data if:
- Your Personal Data are no longer necessary for the purpose(s) they were collected for.
- Your Personal Data have been unlawfully processed.
- Your Personal Data must be erased to comply with a regulation.
- You withdraw your consent for the processing of the Personal Data (and if this is the only basis on which we are processing your Personal Data).
- You object to the possession, provided there are no overriding legitimate grounds for continued processing, or
- You object to processing for direct marketing purposes.
If we receive your erasure request, we will also take reasonable steps to inform other data controllers processing the data
so they can seek to erase links to or copies of your Personal Data.
We may refuse to act on your request to erase your Personal Data if the processing of your Personal Data is necessary:
- To exercise our right of freedom of expression and information.
- To comply with the relevant Nigerian laws and regulations.
- For the performance of a task carried out in the public interest or to exercise some official authority vested in us.
- To establish, exercise or defend legal claims.
- To comply with relevant legal and regulatory directives.
In these cases, we can restrict the processing instead of erasing your Personal Data if requested to do so by you.
Requests to Object:
You have the right to object at any time to the processing of your Personal Data if we process it based on our legitimate interests.
This includes any so-called “profiling”.
Our privacy notice informs you when we rely on legitimate interests to process your Personal Data.
In these cases, we will stop processing your Personal Data unless we can demonstrate compelling legitimate reasons for continuing the processing.
We may reject your request if the processing of your Personal Data is needed to establish, exercise or defend legal claims.
You have the right to object at any time if we process your Personal Data for direct marketing purposes.
You may also object at any time to profiling supporting our direct marketing.
In such cases, we will stop processing your Personal Data when we receive your objection.
Requests to Restrict:
You have the right to ask us to restrict the processing of your Personal Data if:
- You contest the accuracy of your Personal Data and we are in the process of verifying the Personal Data we hold.
- The processing is unlawful and you do not want us to erase your Personal Data.
- We no longer need your Personal Data for the original purpose(s) of processing, but you need them to establish, exercise or defend legal claims and you do not want us to delete the Personal Data as a result.
- You have objected to processing carried out because of our legitimate interests while we verify if our legitimate grounds override yours.
If processing is restricted, we may process your Personal Data (excepting for storage purposes), only:
- If you have given us your consent.
- For establishing, exercising or defending legal claims.
- For protecting the rights of another natural or legal person.
- For reasons of important public interest as defined under the NDPA and relevant Nigerian laws.
- To comply with relevant legal and regulatory directives.
Once processing is restricted following your request, we will inform you before we lift the restriction.
Requests for Portability:
If our processing is performed by computer and is necessary to fulfil a contract with you, or is based on your consent, you have the right to:
- Receive any Personal Data you have provided to us in a structured, commonly used and machine-readable electronic format.
- Send your Personal Data to another organization or have us do so for you if it is technically feasible for us to do so (either for a fee or free).
If your request relates to a set of Personal Data that also concerns other individuals, we may restrict the transfer to only the portion relevant to you,
unless you establish that you have also gotten their consent.
Requests to Object to Automated Decisions:
Generally, you have the right to object to any legal decision concerning you or which otherwise significantly affects you
if this is based solely on the automated processing of your Personal Data.
This includes automated decisions based on profiling.
In such instance, you may undertake a legal process to prevent or advance your rights.
Otherwise, we may refuse your request regarding such automated decisions where:
- Necessary to enter into a contract with you, or for the performance of your contract with us.
- Permitted by regulations.
- Based on your explicit consent.
Our actions on the automated processing involving your sensitive Personal Data (where you have given your explicit consent or the processing is necessary for reasons of substantial public interest),
are in complete compliance with the NDPA and relevant laws.
8. How Do We Protect Your Personal Data?
Security
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data
against loss, misuse, unauthorized access, disclosure, and alteration.
The security measures include firewalls, data encryption, physical access controls to our premises, CCTV cameras for public safety and quality control,
as well as information access authorization controls.
Confidentiality
Your Personal Data is regarded as confidential and will not be divulged to any third party, except under legal and/or regulatory conditions.
You have the right to request sight of, and copies of any and all information we keep on you, if such requests are made in compliance with the Freedom of Information Act and other relevant enactments.
While we are dedicated to securing our systems and services and safeguarding the information entrusted to us,
your role in fulfilling confidentiality duties includes, but is not limited to, adopting and enforcing appropriate security measures such as:
- securing and maintaining the privacy of your password(s) and account/profile registration information,
- adherence with physical security protocols on our premises,
- verifying that the Personal Data we maintain of you is accurate and current.
We will inform you of any breaches which may affect your Personal Data.
9. Remedies for Violation and Time-frame for Remedy
In the event of violation of this policy, our Data Protection Officer shall within 7 days redress the violation.
Where the violation pertains to the disclosure of your Personal Data without your consent, such information shall be retracted immediately,
and confirmation of the retraction sent to you within 48 hours of the redress.
10. Governing Law
This Privacy Policy is made according to the Nigeria Data Protection Act (2023) or any other relevant Nigerian laws, regulations,
or international conventions applicable to Nigeria.
11. Changes to our Privacy Policy
This privacy policy is reviewed periodically and when there is any substantial change to business or regulatory requirements.
The revised Privacy Policy will be effective as of the published updated date.
At the minimum, we shall review this annually and communicate via our communication channels such as Website, Social Media Accounts etc.
If the revised version includes a substantial change, we may notify you of the change using emails or other means.
12. How Does Your Personal Data Move Globally?
Our operations are supported by a network of computers, cloud-based services and other infrastructure and information technology.
Your Personal Data will be stored in Nigeria where we are providing Services to you,
except where you provide your consent for your Personal Data to be processed outside Nigeria to enable us process your transactions.
Data are stored with appropriate encryption method and security standards.
We will protect your information as prescribed in the Privacy Policy if your Personal Data is transferred out of Nigeria.
By using our Platform and Services, you consent to your Personal Data being transferred out of Nigeria,
to a jurisdiction which has adequate data protection laws as prescribed in the NDPA.
13. Contact Us
If you have any general questions or concerns about this Privacy Policy or the way in which we handle your Personal Data,
kindly contact us via the details below:
PAYSITA NIGERIA LIMITED
5A River Benue Street Maitama Abuja
Email: Support@paysita.com