Privacy Policy

Home » Privacy Policy
  1. INTRODUCTION

 Paydot is a registered financial firm under Petjoa Global Investment Limited. We provide financial services to a wide variety of customers including individuals, small and medium enterprises, large corporate and multinationals, governmental institutions and non-governmental institutions. Our services are provided at our agent’s outlets and through e-channels including the Internet.  

Customers and potential customers can access our services through these channels including our website www.paydotng.com  

This document details the policies of Paydot guiding the collection, use, storage, destruction and disclosure of this personally identifiable information.  

This policy document is available on our website at www.paydotng.com and our agent’s outlets. Please read it thoroughly before accessing our service. By opening an account or accessing or subscribing to any of the services, you give consent to the processing of your personal data in accordance with this policy.  

Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions on www.paydotng.com.  

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us. 

  

1.1 Glossary “Consent” of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, through a statement or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;  

“Data” means characters, symbols and binary on which operations are performed by a computer, which may be stored or transmitted in the form of electronic signals, stored in any format or any device;  

“Data Protection Officer or DPO” means the person appointed as such under the Data Protection Laws and in accordance with its requirements. A DPO is responsible for advising Paydot (including its employee) on their responsibilities under the Data Protection Laws, for monitoring compliance with Data Protection Law;  “Data Subject” means any person, who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;  

“NDPR” means the Nigeria Data Protection Regulation, 2019;   

“Our Services” means the online financial services provided by paydot to the customer, which include but not limited to Online and transactions done at our agent’s outlet;   

“Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, account details, posts on social networking 

  

websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others;   

“Personal Identifiable Information (PII)” means information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in a context  

“PCI DSS” means Payment Card Industry Data Security Standards   

“Processing” means any operation or set of operations, which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;    

  1. INFORMATION COLLECTION AND USE

 We collect several different types of information for various purposes to provide and improve our services to you.   

2.1. Types of Data Collected  

Personal Data While using our services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally, identifiable information may include, but is not limited to: 

  

Name and Contact Data: We collect your first, middle and last name, email address, paydot verification number, postal address, phone number, signature, date of birth, an identification document such as a copy of driver’s license, international passport, national identity card, and other similar contact data.   

Credentials: when you subscribe to any of our products, particularly our e-channels products (online/mobile transactions) you may be required to provide a User ID, a password, details from a token response device, password hints and similar security information used for authentication and account access. You may also be required or opt to use biometric identification to access your account and authenticate transactions. While this information is required to ensure that you carry out transactions securely, appropriate security measures have been implemented to protect these data including encryption and storage in a secured environment, if required.   

We collect data necessary to process your payment if you make payment/transfers, such as your card number and the security code associated with your payment card. All payment data are processed, transmitted and stored securely in line with PCI DSS requirements. 

  

Usage Data: We may also collect information that your browser sends whenever you access our online services and or when you access the services by or through a mobile device (“Usage Data”).  

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.  

When you access services by or through a mobile device, this Usage Data may include the following:   

Geo-Location information: We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.  

Mobile Device Access: We may request access or permission to certain features from your mobile device, including your mobile device’s camera, calendar, Bluetooth, contacts, storage and other features. If you wish to change our access or permissions, you may do so in your device’s setting.  

Mobile Device Data: We may automatically collect device information (such as your mobile device ID, model and Manufacturer), operating system, version information, IP address and diagnostic data.  

Tracking & Cookies Data: We use cookies and similar tracking technologies to track the activity on our Service   

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.  

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.   

2.2. Use of Analytics to Collect/Monitor/Analyze Data We may use third-party Service Providers to monitor and analyze the use of our Service.   

  • Google Analytics Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.  

For more information on the privacy policies of Google, please visit the Google Privacy & Terms web page located at https://policies.google.com/privacy?hl=en   

Links to Other Sites Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.  

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.  

2.3. Use of Data The purpose of collecting personally identifiable information is to enable us to provide you with the paydoting services you have subscribed to and ensure that you are able to carry out transactions without hitches.  

The usage of data may be extended beyond the above whenever necessary for the purposes of meeting legal, regulatory, contractual obligations, and other legitimate business interests.  

Specifically, the use of paydot app could put your data into include but not limited to:  

  • To provide and maintain our services • To notify you about changes to our service • To allow you to participate in interactive features of our Service when you choose to do so • To provide customer care and support • To provide analysis or valuable information so that we can improve the Service • To monitor the usage of the Service • To detect, prevent and address technical issues • To facilitate account opening • To send you marketing and promotional communications for business purposes • To deliver targeted advertising to you for our Business Purposes and/or with your consent. We may use your information to develop and display content and advertising (and work with third parties who do so) tailored to your interests and or location and to measure its effectiveness   

 

  1. TRANSFER OF DATA

The world today is interconnected and so is the provision of financial services. For instance, there could be many counterparties involved for a transaction to be successfully completed. These include the personalization companies, the switching companies, processors, acquirers, merchants. Certain personal data will traverse these parties in the normal course of carrying out transactions.  

Save as related to the provision of financial services and meeting legal, regulatory, contractual, and other uses tangential or incidental to these, paydot will not share your personal data with a third party. Where it becomes necessary to do so, adequate security measures will be taken to protect the data from access by recipients other than those for which it is intended. All data we collect will reside in paydot computer systems in Nigeria. Where cloud services are used, adequate governance measures that apply to such cloud services will be complied with.  

Paydot will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.  

Transfer of Personal Data to Foreign Country Where Personal Data is to be transferred to a country outside Nigeria, paydot shall put adequate measures in place to ensure the security of such Personal Data. In particular, paydot among other things, conduct a detailed assessment of whether the said country is on the National Information Technology Development Agency (NITDA) White List of Countries with adequate data protection laws.   

Transfer of Personal Data out of Nigeria would be in accordance with the provisions of the Nigeria Data Protection Regulation, 2019 (NDPR). Paydot will therefore only transfer Personal Data out of Nigeria on one of the following conditions:   

  1. The consent of the Data Subject has been obtained;  
  2. The transfer is necessary for the performance of a contract between paydot and the Data Subject or implementation of pre- contractual measures taken at the Data Subject’s request;  
  3. The transfer is necessary to conclude a contract between paydot and a third party in the interest of the Data Subject;  
  4. The transfer is necessary for reason of public interest;  
  5. The transfer is for the establishment, exercise or defense of legal claims;  
  6. The transfer is necessary in order to protect the vital interests of the Data Subjects or other persons, where the Data Subject is physically or legally incapable of giving consent.  

Provided, in all circumstances, that the Data Subject has been manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country, this proviso shall not apply to any instance where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third country.  

Paydot will take all necessary steps to ensure that the Personal Data is transmitted in a safe and secure manner. Details of the protection given to your information when it is transferred outside Nigeria shall be provided upon the Data Subject’s request.  

Where the recipient country is not on the White List and none of the conditions stipulated in this Privacy Policy are met, paydot will engage with NITDA and the Office of the Honourable Attorney General of the Federation (HAGF) for approval with respect to such transfer.   

   

  1. DISCLOSURE OF DATA

We only share and disclose your information in the following situations:  

Compliance with Laws: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).  

Vital interests and Legal Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.  

Vendors, Consultants and Third-party Service Providers: We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work, which is necessary to provide the envisaged financial services. Examples include but not limited to: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. For the purpose of service improvement, we may allow selected third parties to use tracking technology on the services which will enable them to collect data about how you interact with the services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this policy, we do not share, sell, rent, or trade any of your information with third parties for their promotional purposes.  

Business transfers: we may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.  With your consent we may disclose your personal information for any other purpose. 

   

  1. SECURITY OF DATA

The security of your data is important to us. We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet it itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our services is at your own risk. You should only access the services within a secure environment.   

  1. GENERAL PRINCIPLES FOR PROCESSING OF PERSONAL DATA

 paydot is committed to maintaining the principles in the NDPR regarding the processing of Personal Data.   

To demonstrate this commitment as well as our aim of creating a positive privacy culture within company, paydot adheres to the following basic principles relating to the processing of Personal Data:    

6.1 Lawfulness, Fairness and Transparency Personal Data must be processed lawfully, fairly and in a transparent manner at all times. This implies that Personal Data collected and processed by or on behalf of paydot must be in accordance with the specific, legitimate and lawful purpose consented to by the Data Subject, save where the processing is otherwise allowed by law or within other legal grounds recognized in the NDPR.   

 6.2 Data Accuracy Personal Data must be accurate and kept up-to-date. In this regard, paydot shall:  

  1. a) ensure that any data it collects and/or processes is accurate and not misleading in a way that could be harmful to the Data Subject;   
  2. b) make efforts to keep Personal Data updated where reasonable and applicable; and 
  3. c) make timely efforts to correct or erase Personal Data when inaccuracies are discovered.  

6.3 Purpose Limitation paydot collects Personal Data only for the purposes identified in the appropriate paydot Privacy Notice provided to the Data Subject and for which consent has been obtained. Such Personal Data cannot be reused for another purpose that is incompatible with the original purpose, except a new consent is obtained.   

6.4 Data Minimization  

6.4.1 paydot limits Personal Data collection and usage to data that is relevant, adequate, and absolutely necessary for carrying out the purpose for which the data is processed.  

6.4.2 The Paydot will evaluate whether and to what extent the processing of personal data is necessary and where the purpose allows, anonymized data must be used.  

6.5 Integrity and Confidentiality  

6.5.1 The Paydot shall establish adequate controls in order to protect the integrity and confidentiality of Personal Data, both in digital and physical format and to prevent personal data from being accidentally or deliberately compromised.  

6.5.2 Personal data of Data Subjects must be protected from unauthorized viewing or access and from unauthorized changes to ensure that it is reliable and correct.   

6.5.3 Any personal data processing undertaken by an employee who has not been authorized to carry such out as part of their legitimate duties is un-authorized.  

6.5.4 Employees may have access to Personal Data only as is appropriate for the type and scope of the task in question and are forbidden to use Personal Data for their own private or commercial purposes or to disclose them to unauthorized 

  

persons, or to make them available in any other way.   

6.5.5 Human Resources Department must inform employees at the start of the employment relationship about the obligation to maintain personal data privacy. This obligation shall remain in force even after employment has ended.   

6.6     Personal Data Retention  

6.6.1 All personal information shall be retained, stored and destroyed by The Paydot in line with legislative and regulatory guidelines. For all Personal Data and records obtained, used and stored within the Company, The Paydot shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity and requirement to retain.   

6.6.2 To the extent permitted by applicable laws and without prejudice to Paydot’s Document Retention Policy, the length of storage of Personal Data shall, amongst other things, be determined by:   

(a) the contract terms agreed between Paydot  and the Data Subject or as long as it is needed for the purpose for which it was obtained; or  

(b) Whether the transaction or relationship has statutory implication or a required retention period; or  

(c) whether there is an express request for deletion of Personal Data by the Data Subject, provided that such request will only be treated where the Data Subject is not under any investigation which may require Paydot to retain such Personal Data or there is no subsisting contractual arrangement with the Data Subject that would require the processing of the Personal Data; or  

(d) whether Paydot  has another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose. 

   

 Notwithstanding the foregoing and pursuant to the NDPR, Paydot shall be entitled to retain and process Personal Data for archiving, scientific research, historical research or statistical purposes for public interest.   

6.6.3  Paydot would forthwith delete Personal Data in  Paydot’s possession where such Personal Data is no longer required by  Paydot  or in line with The Paydot ’s Retention Policy, provided no law or regulation being in force requires Paydot  to retain such Personal Data.   

6.7 Accountability  

6.7.1 Paydot demonstrates accountability in line with the NDPR obligations by monitoring and continuously improving data privacy practices within The Paydot .  

6.7.2 Any individual or employee who breaches this Privacy Policy may be subject to internal disciplinary action (up to and including termination of their employment); and may also face civil or criminal liability if their action violates the law.  

6.7.3 When a potential breach has occurred,  Paydot  will investigate to determine if an actual breach has occurred and the actions required to manage and investigate the breach as follows:  

  1. a) Validate the Personal Data breach.   
  2. b) Ensure proper and impartial investigation (including digital forensics if necessary) is initiated, conducted, documented, and concluded.  
  3. c) Identify remediation requirements and track resolution.  
  4. d) Report findings to the top management.   
  5. e) Coordinate with appropriate authorities as needed.  

  

  1. f) Coordinate internal and external communications.   
  2. g) Ensure that impacted Data Subjects are properly notified, if necessary.   
  3.   CHILDREN’S PRIVACY

The Paydot  has a children’s account called Children savings account. This account is opened and run by a child’s parent or guardian until the child reaches the age of majority. All personal information pertaining to such account is provided by the guardian. A parent or guardian should therefore read this policy thoroughly to understand how the data provided is handled.  

Other than as related to the operation of the aforementioned children’s account, Paydot does not enter into financial relationship with minors (persons under the age of 18).  

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers.    

  1. PERSONAL DATA RETENTION PERIOD

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). Upon request for account closure, your account will be closed but this closure will not involve deletion of historical records of the account for the reasons already stated. However, except as may be required by law or law enforcement agents and or regulators, further processing of the personal information related to the account will cease from the time of closure.   

   

  1. YOUR PRIVACY RIGHTS

 In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances as stated in section 2.8 of the Nigeria Data Protection Regulation, you may also object to the processing of your personal information. To make such a request, please use the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.  

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.  

If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://edpb.europa.eu/about-edpb/board/members_en   

Account Information If you would at any time like to review or change the information in your account or terminate your account, you can contact us using the contact information provided.  

Cookies and Similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features of our services to you. To opt-out of interest-based advertising by advertisers on our services visit http://www.aboutads.info/choices/  

Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in 

  

the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account. To otherwise opt-out, you may:  

 Note your preferences when you register an account with the site  Access your account settings and update preferences  Contact us using the contact information provided   

  1. AUTOMATED INDIVIDUAL DECISION-MAKING OR PROFILING

We do not use any automated processing systems for coming to specific decisions – including profiling.   

  1.   TRAINING 

Paydot  shall ensure that employees who collect, access and process Personal Data receive adequate data privacy and protection training in order to develop the necessary knowledge, skills and competence required to effectively manage the compliance framework under this Privacy Policy and the NDPR with regard to the protection of Personal Data. On an annual basis, Paydot shall develop a capacity building plan for its employees on data privacy and protection in line with the NDPR.   

  1. DATA PROTECTION OFFICER

Paydot shall appoint a Data Protection Officer(s) (DPO) responsible for overseeing the Company’s data protection strategy and its implementation to ensure compliance with the NDPR requirements. The DPO shall be a knowledgeable person on data privacy and protection principles and shall be familiar with the provisions of the NDPR.   

The main tasks of the DPO include:  

  1. a) administering data protection policies and practices of  Paydot ;  
  2. b) monitoring compliance with the NDPR and other data protection laws, data protection policies, awareness-raising, training, and audits;  
  3. c) advice the business, management, employees and third parties who carry on processing activities of their obligations under the NDPR;  
  4. d) acts as a contact point for  Paydot ;  
  5. e) monitor and update the implementation of the data protection policies and practices of  Paydot  and ensure compliance amongst all employees of Paydot ;  
  6. f) ensure that Paydot  undertakes a Data Protection Impact Assessment and curb potential risk in Paydot  data processing operations; and  
  7. g) maintain a database of all Paydot  personal data collection and processing operations of Paydot .   
  8.   DATA PROTECTION AUDIT

 Paydot  shall conduct an annual data protection audit through a licensed Data Protection Compliance Organization (DPCO) to verify Paydot ’s compliance with the provisions of the NDPR and other applicable data protection laws.  

The audit report will be certified and filed by the DPCO to NITDA as required under the NDPR.    

  1. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and making it available at our agent’s outlets .  

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.   

  1. CONTACT

Contact us If you have any questions or comments about this policy, you may contact our Data Protection Officer (DPO) by email at info@paydotng.com or by post to:  Data Protection Officer Paydot Suite A7 Mazado Plaza Shettima Monguno Crescent, Utako FCT Abuja Nigeria    

 

What We Do With Your Information

When you browse our site, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about us, new products and other updates.

SECTION 2

Consent

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at Info@paydotng.com  or mailing us at: Paydot suite a7 mazado plaza, plot 740 shettima monguno crescent utako, abuja fct. nigeria

SECTION 3

Disclosure

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4

Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

SECTION 5

Age Of Consent

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 6

Changes To This Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.

Questions & Contact Information

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at Info@paydotng.com  or by mail at

 

Paydot
Re: Privacy Compliance Officer
SUITE A7 MAZADO PLAZA, PLOT 740 SHETTIMA MONGUNO CRESCENT UTAKO, ABUJA FCT. NIGERIA