Privacy Policy

Background

We’re Yes Microfinance Bank Limited (‘we’, ‘our’, ‘us’) and operate under the name YesMFB. We’re registered with the Corporate Affairs Commission with the number RC1319067.

This policy describes what information we collect about you, how we collect and use the information you share with us, and with whom we share that information. You don’t have to share any information with us, but to use our services, we’ll need some information from you. This policy also contains information about when we share your personal information with third parties (such as our service providers and credit bureaus).

What information do we collect?

Information you give us on Yes Microfinance Bank Applications

We collect and use any information you supply when you interact with any of our touch points. When you open an account with us, you share details like your names, Bank Verification Number (BVN), identification documents, address and pictures. By using our card or any YesMFB Application to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your phone camera. Other details we collect and what we do with them include;

• Details you give when you sign up for a YesMFB account, like your BVN, date of birth, gender, phone number, residential address, and email address are in fulfillment of regulatory requirements.
• We collect a video of your face during a liveness check done to confirm that you're the one opening or upgrading your YesMFB account. We share this video with a third-party service provider to facilitate our liveness check.
• Device ID for easy recognition of the App user. This map the app user info to the device.
• We will not share the video of your face that we collect during a liveness check with advertisers or anyone else other than the third-party service provider that facilitates the liveness check process.
• If at any time you choose to withdraw your consent for us to use this video for your liveness check, we will delete it. However, please note that this would affect your ability to use your account as certain services are dependent on us processing your video for the liveness check.

Liveliness API

• We use the Liveliness API within the camera module to take the liveliness of the user in other to avoid robotic registration during our Know Your Customer (KYC) process. This process is required to meet account opening regulations.
• The YesMFB app collects the camera intrinsic matrix, facial expressions, orientation and location of the user's head, and the position of the camera to verify that the user is recording the video live.
• The video is shared with a third party service solely to verify the user's identity, after which it is deleted as required under applicable laws and regulations.
• The third party service is obligated to protect the user's data in accordance with data protections laws and is not allowed to use this data for any form of marketing or venture outside its agreement with us.
• The user can opt out of the video capture process at any time.

The information we collect when you contact us through our channels

If you contact us via our channels, we collect the following information so we can answer your questions or take action.

• The full name of the user
• The phone number used for calling
• an identification number;
• The address of the user
• Mobile Device ID for app customisation
• Bank Verification Number
• Any Nigeria valid ID (Driver’s License, National ID, International Passport or Voter’s Card).

For the purpose of accessing our Services, the personal data we may collect include: title, date of birth, gender, business name, email address, mailing address, telephone number, bank verification number, national identification number, international passport number, means of identification, guarantors contact details, bank statements, usernames, password, your preferences, interests, feedback and survey responses, preference in receiving marketing information from us and our third parties and your communication preferences, etc.

Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customised experience. This allows us to provide Services and features that most likely meet your needs, and to customise the Sites to make your experience safer and easier.

Information we get from third parties

In order to provide you with access to the Services, or to provide you with better service in general, we may combine information obtained from other sources (for example, a third-party developer whose application you have authorised) and combine that with information we collect through the Sites

As part of our Know Your Customer (KYC) process, we run checks on the identity information you supply during signup. We will try to verify the authenticity and validity of the identification document that you have provided, either directly from the issuing authorities or through authorized service providers.

Also, when you request for credit or lending related products and services, we run further checks with the licensed credit bureaus for eligibility checks in line with regulations.

How do we use your information?

The Nigerian Data Protection Regulations 2019 (NDPR) requires that we have a lawful basis for processing your personal information.

The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.

We may use your personal data for the following purposes:

• To provide the requested Services and support to you;
• To process transactions and send notices about your transactions to requisite parties;
• To verify your identity; This validates who you are
• To contact you at any time through your provided telephone number, email address or other contact details;
• To resolve disputes and troubleshoot problems;
• To manage risk, detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities;
• To detect, prevent or remediate violations of policies or applicable user agreements;
• To improve our services by implementing aggregate customer preferences;
• To manage and protect our information technology infrastructure;
• To notify you about activities on your account, troubleshoot problems with your account at anytime
• To provide customer service, including to respond to your enquiries and fulfill any of your requests for information;
• To send you important information regarding the services and/or other technical notices, updates, security alerts, support and administrative messages; As Yes MFB believes to be necessary:
  • To comply with a legal obligation. This applies where the processing is necessary for Yes MFB to comply with the law;
  • To enforce or apply this Policy; and
  • To protect Yes MFB’s legitimate interests, privacy, property or safety, and/or those of a third party as long as your rights do not override those interests.

Contractual Obligation

We collect certain data from you to fulfill the contract we have with you, or to enter into a contract with you. We use this data to:

• Give you the services we agreed to in line with our terms and conditions.
• Send you messages about your account and other services you use if you get in touch, or we need to tell you about something..
• Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us.
• Investigate and resolve complaints and other issues.

Legal Duty

We have to ensure we aren’t breaking any laws by banking you by preventing illegal activities like money laundering, terrorism financing and fraud. To do this, we need your data to;

• Confirm your identity when you sign up or get in touch.
• Prevent illegal activities like money laundering, tax evasion and fraud.
• Keep records of information we hold about you in line with legal requirements.
• Adhere to banking laws and regulations (these mean we sometimes need to share customer details with regulators, tax authorities, law enforcement or other third parties).

Legitimate Interest of the data controller

In some instances, we need to use the data you supply us for our legitimate interests. This means we’re using your data in a way that you might expect us to, for a reason which is in your interest and doesn't override your privacy, interests or fundamental rights and freedoms.

Consent

For certain information, we’ll ask for your consent. We’ll ask for your consent to:

• Market and communicate our products and services. You can always unsubscribe from receiving these if you want to;
• Help protect you against fraud by tracking the location of your phone if you’ve authorised it;
• View your contact list for airtime purchases.

Who do we share your information with?

In some instances, we will share the information provided with some third parties that we do business with, like card producers and credit bureaus, or with law enforcement agencies when required. Sharing of confidential customer information with these related third parties would be done in a secure manner.

How long do we keep your data?

We keep your information as long as you are a YesMFB customer and for any additional period as required under applicable law or regulations.

These retention requirements supersede any right to erasure requests under applicable data protection laws. We cannot therefore erase your data in relation to your YesMFB Account until after this time period, however we can assure you that your data will be held safely and securely whilst under our supervision.

When do we delete your data?

We are basically storing and processing your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires us to store it.

That means, if the data is not required anymore for statutory or contractual obligations, your data will be deleted.

If you choose to delete your YesMFB account, we will delete any data you have previously given us, including the video of your face uploaded during the liveness check. However this is subject to the retention regulations that apply to such data as stipulated by the regulators.

What are your rights?

Your personal data is protected by legal rights enshrined in the NDPR. These rights include the following:

• - the right to be told how we use your personal data and obtain access to your personal data;
• - the right to have your personal data rectified or erased or place restrictions on processing your personal data;
• - the right to object to the processing of your personal data e.g. where the processing is based on our legitimate interests. Please note that this may prevent us from continuing to provide Services to you;
• - where the processing of your personal data is based on your consent, the right to withdraw that consent subject to legal or contractual restrictions;
• - the right to object to any decisions based on the automated processing of your personal data, including profiling; and
• - the right to lodge a complaint with the supervisory authority responsible for data protection matters.

- If you would like to exercise any of the above stated rights, please follow the following procedures:

• - put your request in writing and send it to us through your usual registered channel (e.g. by registered email).
• - specify the right you wish to exercise.

For more information or to exercise your data protection rights please, please contact our Data Protection Officer at contact@yesmfbank.com. We will endeavour to process all subject access requests within thirty (30) days and if any further extension is required, we will communicate same through existing consented channels – at no cost. However, please note that you may continue to receive existing communications for a transitional period whilst we update your preferences.

How to make a complaint

At YesMFB, we’re extremely committed to respecting and protecting your personal information. If you have any worries, reservations or complaints about your personal information, please contact our Data Protection Officer by:

• Sending a message via the app
• Emailing us at contact@yesmfbank.com
• Writing to us at 4, Adenubi Close, Off Majekodunmi Street, Allen Avenue, Ikeja, Lagos, Nigeria.

We will put in our best to fix the problem.

---

DATA SUBJECT REQUEST FORM

As a data subject, you have the right to exercise your data subject access rights as provided under the Nigerian data protection laws. These rights include but are not limited to the right to request access to your personal data, the right to rectification, erasure, restriction of processing, data portability, objection, and the right to object to automated decision-making and profiling.

To exercise your data subject access rights, please submit a written request to the contact details provided in this Privacy Policy. We may require additional information to verify your identity and ensure the security of your personal data. Upon receiving a valid request, we will promptly review and respond in accordance with the timeframes mandated by applicable data protection laws.

Please note that certain exceptions and limitations may apply to the exercise of these rights, as provided by law. If we are unable to fulfill your request due to legal obligations or exemptions, we may provide you with a clear explanation of the grounds for such denial or limitation.

We are committed to safeguarding your data subject access rights and will take appropriate measures to protect the confidentiality, integrity, and security of your personal data throughout the process of handling your access requests.

Please click here to download document

Changes to this document

This document will be reviewed on a yearly basis, or more frequently if occasioned by changes or amendment to applicable data protection regulations. If we make any changes, we’ll add a note to this page and if there are significant changes we’ll let you know by email.

This policy was last updated on 21 February 2023.