This privacy policy (“Policy”) applies to the website(s) and mobile application(s) (hereinafter referred to as, the “Sites”) provided by VFD Microfinance Bank Limited (“Bank”, “we”, “us”, “our” or “The company”), and other products/services of VFD MFB (Vbank). This Policy discloses our data protection practices on our Sites and products (“Services”), inclusive of the type of personal data that we collect, our method of collection of personal data, use of personal data and procedures for sharing personal data with third parties.

VFD MFB takes its responsibilities regarding the management of the requirements of the Data Protection Laws very seriously. This Policy sets out how VFD MFB manages these responsibilities. This Policy applies to all Personal Data that VFD MFB processes regardless of the location where that Personal Data is stored (e.g. on a user’s own device) and regardless of the Data Subject.

VFD MFB obtains, uses, stores and otherwise processes Personal Data relating to you  referred to in this Policy as Data Subjects). When Processing Personal Data, VFD MFB is obliged to fulfil individuals’ reasonable expectations of privacy by complying with the Data Protection Laws.

1. Consent for Collection, Use and Disclosure
2. Your usage of the Platforms and/or registration for the Services constitutes your consent to the terms of this Privacy Policy. If you do not agree, you can withdraw your consent at any time but please note that the Company will not be able to provide you with its Services.
3. The Company reserves the right to amend this Privacy Policy at any time. When it does, the Company will also revise the “last updated” date at the bottom of this Privacy Policy.
4. The Company will notify you by email regarding material changes to this Privacy Policy that will affect information collected from you in the future. However, the Company will not notify you in certain circumstances, such as in connection with investigation of a breach of an agreement, contravention of laws, an emergency where the life, health or security of an individual is threatened, the collection of a debt or in compliance with the request of a law enforcement agency or a court order. However, the Company may notify Users of such circumstances upon request by the User in permissible circumstances.
5. You may withdraw your consent for collection, use and disclosure at any time by sending an email using the Company’s contact details on the ‘Contact Us’ page on the Site. Please note that, if you withdraw your consent for collection, use and disclosure, the Company may suspend its provision of Services to you.
6. By continuing to access and use the Services, you are deemed to have accepted the changes to the provisions of this Privacy Policy.
7. If you provide the Personal Information of any third party to the Company, we assume that you have obtained the required consent from the relevant third party to share and transfer his/her Personal Information to us.

2.Collection of Personal Information.

All information supplied by Users of the Services as defined under the Terms of Use is covered by the provisions of the Constitution of the Federal Republic of Nigeria 1999 (as amended), the Nigerian Data Protection Act 2023 (NDPA), other extant laws and regulations regulating the use and management of personal data.

1. Voluntarily Submitted Data: When you sign up for the Company’s Services, pay for a subscription, consult with our customer service team, send us an email, post on our blog or communicate with us in any way, you are voluntarily giving us information that we process, including, but not limited to; name, username, email address, mobile number, IP address, credit card information, bank information, and purchase history. By submitting this information, you consent to its’ collection, usage, disclosure, and storage by us, as described in our Terms of Use and in this Privacy Policy.
2. Automatically Collected Data: When you use the Services or browse any of our Platforms, we may collect information about your visit, your usage of the Services, and/or your web browsing; which may include your IP address, operating system, device type, operating system, browser ID, browsing activity, and other information about how you interacted with our Site or Mobile Applications. We may collect this information as a part of log files or through the use of cookies or other tracking technologies. Our use of cookies is discussed more in our Cookie Policy accessible here.
3. Service Usage Data: We may receive information about how and when you use the Services, store it in log files or other types of files associated with your account, and link it to other information we collect about you. This information may include, for example, your IP address, time, date, browser used, and actions you have taken within the Site or Mobile Applications. This type of information helps us to improve our Services for both you and for all of our Users.
4. Cookie Data: The Site uses cookies. Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are useful because they allow a website to recognize a User’s device as well as do a lot of other tasks, you may see examples below. You can find more information about cookies at: and youronlinechoices.eu. We use strictly necessary cookies, analytical/performance, functionality and targeting/advertising cookies on the Platforms. These cookies may allow:

Strictly necessary – us remember any of the features and services you use such as savings, fixed deposit, bill payment, tap and pay amongst others.
Functionality – us to remember choices you make to improve your experience (such as your username, age classification etc.);
Advertising or targeting – third party advertising companies to display advertisement more relevant to you and your interests. As part of their services, they will place a separate cookie on your computer to help them precisely target advertising to you. These third-party advertising companies do not collect personally identifiable information; and
Analytical or Performance – us and/or third-party partners collect anonymous information including but not limited to performance and website improvement. This may include web analytics, error management and testing designs. You can find out more about cookies at this site:

Mobile Application Data:  When you use our Mobile Applications, we may collect additional information beyond what is described elsewhere in this Policy. This includes details such as the type of device and operating system you use. We may ask if you wish to receive push notifications. If you opt-in and later decide you no longer want to receive them, you can disable them through your device’s operating system. We may utilize mobile analytics software to gain insights into how users interact with our application, including the frequency of use and other performance metrics. Additionally, we may collect location data to provide enhanced services and improve user experience. This includes both precise and approximate location data, gathered through GPS, Wi-Fi, and cellular networks, to offer location-based services and features tailored to your needs.

3.Purposes for collecting Personal Information

We collect Personal Information for the following reasons:

1. For Promotional Purposes: This includes sending you emails relating to the merits of a product, service, brand or issue. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send, or by adjusting your marketing preferences in your profile. This data is processed in accordance with consent under the NDPA and extant data protection laws.
2. For Billing Purposes: This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. This data is processed in accordance with consent and third-party data processing contract requirements under the NDPA and extant data protection laws.
3. To Provide and Improve Our Services. This includes, for example, aggregating information from your use of the Services or visit to our Platforms and sharing this information with third parties to improve our Services. This might also include sharing your information with third parties in order to provide and support our Services. When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this policy. This data is processed in accordance with consent and third-party data processing contract requirements under the NDPA and extant data protection laws.
4. For Account and Support Communication: For example, we may inform you of subscription payment successes or failures, password reset attempts, and other support-related functions. This data is processed in accordance with consent requirements under the NDPA and extant data protection laws.
5. For Platform Alerts: For example, we may inform you of temporary or permanent changes to our Services, such as pricing changes, planned outages, new features, version updates, releases, abuse warnings, and changes to our Privacy Policy. This data is processed in accordance with the contract requirements under the NDPA and extant data protection laws.
6. For Job Applications: When you apply for a job with us, we may collect personal data related to your education, employment history, and health status. This information is used to assess your application and fulfill any monitoring requirements under applicable employment laws. As part of the application process, you will be asked to provide explicit consent for the use of this data. We may also conduct screening checks, including reference, background, and criminal record checks. Your personal data may be shared with academic institutions, recruiters, health maintenance organizations, law enforcement agencies, referees, and previous employers. Without this data, we may be unable to process your job application.

1. For Legal Purposes: For example, complying with court orders, valid discovery requests, valid subpoenas, to prosecute and/or defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements. This data is processed in accordance with legal obligation under the NDPA and extant data protection laws.
2. For Transfer Purposes: In the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Website. This data is processed in accordance with legal obligation under the NDPA and extant data protection laws.
3. Limiting the Collection of Personal Information

The Company may limit its collection of Personal Information only to the extent that the information is unnecessary for the identified purposes. The Company does not direct the Platforms to, nor does it knowingly collect any Personal Information from persons under the age of eighteen (18) years. Consequently, the Company shall not be liable for any use or processing of Personal Information of persons under the age of 18.

5. Disclosure of Personal Information

The Company will not disclose any of your Personal Information to anyone else, except:

1. to its employees, independent contractors, subsidiaries, affiliates, consultants, business associates, service providers, suppliers and agents, acting on its behalf for any of the identified purposes;
2. if it has reason to believe that disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with the Company’s rights or property, other users of the Platforms, the Services, or anyone else that could be harmed by such activities;
3. in the event of business transfers which may occur when we sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets; and
4. to respond to judicial process and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law.

6.Data Retention

We may retain Personal Information about the User, as long as it is necessary for business and/or legal purposes. Also, we may retain aggregated anonymized information indefinitely (for clarity, this refers to where your personal data is anonymized so that it can no longer be affiliated with you). In addition, we may retain your information for an additional period as is permitted or required to, among other things, comply with our legal obligations, resolve disputes, and enforce agreements. If your account becomes inactive (that is, if you request to be removed from the Company’s database), the Company will keep your Personal Information in its archives for the duration required by law. Your information will be used only as necessary for tax reasons or to prove the Company’s compliance with any applicable law.

7.Data Transfer

We may transfer your personal data to third parties, including service providers and partners, for the purposes of providing our services, complying with legal obligations, or as otherwise permitted by law. All transfers of personal data will be conducted in accordance with the Nigeria Data Protection Act (NDPA) 2023 and other relevant regulations.

By using or accessing our Services or Platforms, you hereby explicitly and contractually consent to the transfer of your Personal Information by the Company as contemplated herein.

8.Accuracy of Personal Information

We will use commercially reasonable efforts to keep your Personal Information as provided by you accurate for the identified purposes. Users are responsible for informing us about any changes to their Personal Information from time to time.

Users will be informed that in order to implement the measurements of verification of information provided by the User, we may request you to provide copies of documents related to your Personal Information including but not limited to an official ID Card, bank verification number, etc.

Users represent that all Personal Information provided to us is accurate for the identified purpose. In the event that we have not received information from you regarding any change of status on your Personal Information, please note that you inherently accept the responsibility for the information you provided and/or the failure to timely and accurately update your details.

9.Data Security

VFD MFB implements and sustains appropriate measures to protect Personal Data. We consider in particular, the risks to Data Subjects presented by unauthorized or unlawful Processing or accidental loss, destruction of, or damage to their Personal Data. Safeguarding will include the use of encryption and Pseudonymization where appropriate. It also includes protecting the confidentiality (i.e.  only those who need to know and are authorized to use Personal Data shall have access to it), integrity and availability of the Personal Data.

We have developed policies and documentation as an organization to ensure the safety, integrity, and confidentiality of your personal data. Additionally, we regularly train and equip our authorized staff with the latest data security measures.

We will regularly assess and test the effectiveness of our measures to ensure the security of our processing of personal data.

We manage personal data in a manner that prevents accidental loss, disclosure, or other unintended or unlawful processing, while maintaining its confidentiality. Special care is taken to protect sensitive personal data from loss and unauthorized access, use, or disclosure.

We follow procedures and use technologies to secure all personal data from the point of collection to its destruction.

We adhere to all applicable aspects of this policy and do not attempt to bypass the administrative, physical, and technical safeguards we implement and maintain in accordance with data protection laws to protect personal data.

DISCLAIMER

We are committed to keeping your information secure by implementing appropriate technical and organizational measures to prevent unauthorized or unlawful processing, as well as accidental loss, destruction, or damage. While we strive to protect your personal data, we cannot guarantee its security when transmitted to other websites via the internet or similar connections. If you have been provided with (or have chosen) a password to access certain areas of our Sites, please keep this password safe. We will not share your password with anyone. As a user of our Services, you acknowledge and agree that you are responsible for safeguarding your account. You must not disclose your password to anyone or allow anyone to use your account.

10.Other Websites and Links

Our Platforms may contain links to third party websites (“Linked Websites”). This Privacy Policy does not cover collection or use of information by Linked Websites. We are not responsible for the privacy practices of Linked Websites. If you have questions about the privacy policies or practices of a Linked Website; you should contact the web administrator of the site directly.

11.Privacy Policy Changes

We may make changes to this Privacy Policy from time to time, and for any reason. You are advised to consult this privacy policy regularly for any changes, as we deem your continued use, following posting of any amendment, modification or change, approval of all changes.

12.Your Data Privacy Rights

1. Right to Rectification: Users can modify or change their name, email password, and mobile login PIN via their profile. For all other requests, such as updating email address or mobile number, please contact us at [email protected].
2. Right of Access, Right to Erasure, Right to Restrict Processing: Users can request access or erasure of their Personal Information, as well as request restriction on further processing of their Personal Information by contacting us at [email protected]. Please allow up to 30 (thirty) days for requests to be processed. The Company reserves the right to charge a reasonable fee to process excessive or repeat requests.
3. Right to Withdraw Consent: Users can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send, or by adjusting your Marketing Preferences in your profile. Users also have choices with respect to cookies, as described above and more particularly set out in the Cookie Policy accessible here.
4. Right to lodge a complaint with a supervisory authority: Should you feel your data privacy rights are not being adequately protected by the Company, you have the right to lodge a formal complaint with the Nigeria Data Protection Commission (NDPC).

1. Right to request Transfer: You may request the transfer of your Personal Information to you or a third party for any purpose outside the provision of the Services. Please note that this right applies only to information which you initially provided consent for us to use or where we used the information to provide our Services to you.
2. Available Remedies in The Case of Breach

In the case of a breach of any of the obligations with respect to your Personal Information being breached or compromised, please exercise your right to contact us through any of the channels highlighted below immediately. A data breach procedure is established and maintained in order to deal with incidents concerning personal data or privacy practices leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. On notification of such breach, we will investigate to determine if an actual breach has occurred, the actions required to manage such breach, communicate with the subject of the breach and take appropriate action under its dispute resolution framework to remedy such breach.

14. Contact Us

If you have questions regarding your data privacy rights or would like to submit a related data privacy right request, please email us at [email protected]. Please allow up to 30 days for requests to be processed. The Company reserves the right to charge a reasonable fee to process excessive or repeat requests.

If you have general questions concerning this Privacy Policy, please contact us at: [email protected]

Tel: [●+234 908 752 2472]

VFD Microfinance Bank Limited

Address: 5^th Floor, Elephant House, 214, Broad Street, Lagos Island, Lagos, Nigeria