We’re Yes Microfinance Bank Limited (‘we’, ‘our’, ‘us’) and operate under the name YesMFB. We’re registered with the Corporate Affairs Commission with the number RC1319067.
This policy describes what information we collect about you, how we collect and use the information you share with us, and with whom we share that information. You don’t have to share any information with us, but to use our services, we’ll need some information from you. This policy also contains information about when we share your personal information with third parties (such as our service providers and credit bureaus).
Information you give us on Yes Microfinance Bank Applications
We collect and use any information you supply when you interact with any of our touch points. When you open an account with us, you share details like your names, Bank Verification Number (BVN), identification documents, address and pictures. By using our card or any YesMFB Application to transact, you also share details of your transactions with us. Additionally, we may request explicit permission to see other information like your address book, location, photos and data from your phone camera. Other details we collect and what we do with them include;
If you contact us via our channels, we collect the following information so we can answer your questions or take action.
For the purpose of accessing our Services, the personal data we may collect include: title, date of birth, gender, business name, email address, mailing address, telephone number, bank verification number, national identification number, international passport number, means of identification, guarantors contact details, bank statements, usernames, password, your preferences, interests, feedback and survey responses, preference in receiving marketing information from us and our third parties and your communication preferences, etc.
Our primary goal in collecting the above stated personal data is to provide you with a safe, efficient, smooth and customised experience. This allows us to provide Services and features that most likely meet your needs, and to customise the Sites to make your experience safer and easier.
In order to provide you with access to the Services, or to provide you with better service in general, we may combine information obtained from other sources (for example, a third-party developer whose application you have authorised) and combine that with information we collect through the Sites
As part of our Know Your Customer (KYC) process, we run checks on the identity information you supply during signup. We will try to verify the authenticity and validity of the identification document that you have provided, either directly from the issuing authorities or through authorized service providers.
Also, when you request for credit or lending related products and services, we run further checks with the licensed credit bureaus for eligibility checks in line with regulations.
The Nigerian Data Protection Regulations 2019 (NDPR) requires that we have a lawful basis for processing your personal information.
The purpose of collecting your personal data is to give you an efficient, enjoyable, secure and seamless customer experience.
We may use your personal data for the following purposes:
We collect certain data from you to fulfill the contract we have with you, or to enter into a contract with you. We use this data to:
We have to ensure we aren’t breaking any laws by banking you by preventing illegal activities like money laundering, terrorism financing and fraud. To do this, we need your data to;
In some instances, we need to use the data you supply us for our legitimate interests. This means we’re using your data in a way that you might expect us to, for a reason which is in your interest and doesn't override your privacy, interests or fundamental rights and freedoms.
For certain information, we’ll ask for your consent. We’ll ask for your consent to:
In some instances, we will share the information provided with some third parties that we do business with, like card producers and credit bureaus, or with law enforcement agencies when required. Sharing of confidential customer information with these related third parties would be done in a secure manner.
We keep your information as long as you are a YesMFB customer and for any additional period as required under applicable law or regulations.
These retention requirements supersede any right to erasure requests under applicable data protection laws. We cannot therefore erase your data in relation to your YesMFB Account until after this time period, however we can assure you that your data will be held safely and securely whilst under our supervision.
We are basically storing and processing your personal data only as long as it is necessary to perform our obligations under the agreement with you or as long as the law requires us to store it.
That means, if the data is not required anymore for statutory or contractual obligations, your data will be deleted.
If you choose to delete your YesMFB account, we will delete any data you have previously given us, including the video of your face uploaded during the liveness check. However this is subject to the retention regulations that apply to such data as stipulated by the regulators.
Your personal data is protected by legal rights enshrined in the NDPR. These rights include the following:
- If you would like to exercise any of the above stated rights, please follow the following procedures:
At YesMFB, we’re extremely committed to respecting and protecting your personal information. If you have any worries, reservations or complaints about your personal information, please contact our Data Protection Officer by:
We will put in our best to fix the problem.
As a data subject, you have the right to exercise your data subject access rights as provided under the Nigerian data protection laws. These rights include but are not limited to the right to request access to your personal data, the right to rectification, erasure, restriction of processing, data portability, objection, and the right to object to automated decision-making and profiling.
To exercise your data subject access rights, please submit a written request to the contact details provided in this Privacy Policy. We may require additional information to verify your identity and ensure the security of your personal data. Upon receiving a valid request, we will promptly review and respond in accordance with the timeframes mandated by applicable data protection laws.
Please note that certain exceptions and limitations may apply to the exercise of these rights, as provided by law. If we are unable to fulfill your request due to legal obligations or exemptions, we may provide you with a clear explanation of the grounds for such denial or limitation.
We are committed to safeguarding your data subject access rights and will take appropriate measures to protect the confidentiality, integrity, and security of your personal data throughout the process of handling your access requests.
Please click here to download document
This document will be reviewed on a yearly basis, or more frequently if occasioned by changes or amendment to applicable data protection regulations. If we make any changes, we’ll add a note to this page and if there are significant changes we’ll let you know by email.
This policy was last updated on 21 February 2023.