Privacy & Cookie Policy (“Privacy Policy”)
This Privacy Policy was last updated on April 3, 2025
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO ENSURE THAT YOU UNDERSTAND EACH PROVISION. BY CLICKING “SIGN UP”, OR OTHERWISE ACCEPTING THE TERMS AND CONDITIONS FOR THE USE OF ANY PALMPAY SERVICES, YOU ARE SIGNIFYING THAT YOU HAVE READ AND UNDERSTOOD THE TERMS OF THIS PRIVACY POLICY, AND AGREE TO BE BOUND BY IT AND ALL FUTURE MODIFICATIONS TO THIS PRIVACY POLICY, AS WELL AS TO THE COLLECTION AND USE OF YOUR INFORMATION AS SET OUT IN THIS PRIVACY POLICY.
This Privacy and Cookies Policy is intended to meet our obligations under the “Nigerian Data Protection Act” or NDPA, a legal framework that sets guidelines for the protection and processing of Personal Data of individuals within Nigeria or residing outside Nigeria but of Nigerian descent.
Personal Data shall have the meaning stipulated by the NDPA and shall include any information relating to an identifiable natural person or information that enables us to identify you personally, which includes without limitation, all forms of data as stipulated in Clause 4 - What Personal Data we Collect.
This Privacy Policy is designed to describe:
- Who we are and how to contact us
- The rights of users
- Basis for processing
- What personal data we collect
- How we use your personal data and why
- Who we share your personal data with
- Storage and security of personal data
- Changes to this Privacy Policy
1. Who We Are and How to Contact Us
PalmPay is a modern financial platform meeting customers wherever they are: on their smartphones. We offer our customers the widest level of choice and financial access including content, software, mobile services, financial products and functionality offered on or through the PalmPay App, the PalmPay Business App or any other platform as may be determined by PalmPay from time to time (together the "Platform") (collectively, the "Services").
If you have any questions or complaints about this Privacy Policy or our practices in relation to your Personal Data, please contact us at: possupport@palmpay.com and 18885000.
You may also contact us at 2A Isaac John Street, GRA, Ikeja, Lagos.
We endeavour to reply to your complaint as soon as possible. If you feel that your complaint has not been adequately resolved, the NDPA gives you the right to contact or lodge a complaint with the Nigeria Data Protection Commission.
2. The Rights of Users
2.1. Your Rights Relating to Your Personal Data
You have the rights under this Privacy and Cookie Policy to:
- Request access to your Personal Data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you: This enables you to have any incorrect or incomplete information about you corrected.
- Request erasure of your Personal Data: This enables you to ask us to delete or remove Personal Data where there is no legal reason for us continuing to process it or you object to us processing it (see below).
- Object to Processing of your Personal Data: This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your situation which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the Restriction of Processing of your Personal Data: This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the Transfer of your Personal Data: We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent: This right only exists where we are relying on consent to process your Personal Data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of our platform. We will advise you if this is the case at the time you withdraw your consent.
2.2. How to Exercise Your Personal Rights
If you wish to exercise any of the rights above, please contact us using the details in Who we are and How to contact us.
You will not have to pay a fee to access your personal data (or to exercise any right); however, we may charge a reasonable fee for consent withdrawal if your request is clearly unfounded, repetitive or excessive. If you refuse to pay the fee we may refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
3. Basis for data processing
In respect of each of the purposes for which we use your Personal Data, the NDPA requires us to ensure that we have a legal basis for that use. The legal basis depends on the Services you use and how you use them. This means we collect and use your Personal Data where we need it to provide the Services to you, including to operate the Services, to comply with a legal or regulatory obligation, to provide customer support and personalized features and to protect the safety and security of the Services.
We also process your Personal Data based on our legitimate interests, provided that these interests are not overridden by your data protection rights. These legitimate interests include activities such as transaction processing, identity verification, conducting research and development, marketing and promoting our services, and protecting our legal rights and interests.
We may also rely on your consent as a legal basis for using your Personal Data where we have expressly sought it for a specific purpose. If we do rely on your consent to a use of your Personal Data, you have the right to withdraw your consent at any time (but this will not affect any processing that has already taken place prior to the withdrawal of your consent).
But where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services). In this case, we may have to stop providing you with our Services.
4. What Personal Data We Collect
4.1. Customer Information
To use the PalmPay Services, you must provide customer information via our registration, account upgrade, profile forms or other forms of KYC information requests.
Customer Information includes, without limitation:
- Full name, e-mail address and phone number, PalmPay PIN, address, proof of address, real time location, occupation, whether you are male or female, date of birth.
- Bank Verification Number (BVN), National Identity Number (NIN), other ID documentation information.
- Photographs, live videos and facial biometric data (where applicable).
- If you communicate with our Customer Services team via e-mail, Live Chat or telephone, your conversations may be recorded and stored for training, quality assurance and record keeping purposes. We use this information to measure and improve our Service quality.
Additional information may be requested to participate in social media functions on our Platform, promotions or surveys and when you contact us to report a problem on our Platform.
4.2. Device Information
The information that may be collected from you automatically when you use the Platform includes, but is not limited to:
- Your contacts’ information such as their name and mobile number. We collect this information when you sync the address book on your device with the Platform and we use this information where the provision of our services requires such access, for example airtime top-up and transfers.
- Details of your handset/device, unique device identifiers (IMEI or serial number), information about the SIM card, mobile network, operating system and browser settings. We use this information to protect our customers from service-related crime, enhance the services we offer and to help us understand how people use the Service.
4.3. Location Information
Certain PalmPay features may require location information from your device’s GPS. With your consent this information will be collected for these services. You will be required to grant consent. Turning off location services may render some services unavailable.
4.4. Analytics
We may use in-app analytics technologies, like Google Analytics, to help improve and simplify the overall app, design and service. These tools track aggregated information about in-app usage, provide performance measurements and allow better reporting on application failures.
We record when you install or uninstall the Platform to help us track who is using the Service.
4.5. Tracking and Cookies
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns.
PalmPay uses cookies to help PalmPay identify and track visitors, their usage of the PalmPay website, and their website access preferences. PalmPay visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the websites or decline the option of using cookies when they visit for the first time. Our services may not function properly without the aid of cookies.
We have provided the following table to further outline the Personal Data that we collect:
| Category of Personal Data collected | What this means |
| --- | --- |
| Identity Data | First name, surname, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, selfie picture, live photographs or videos, facial ID, identification document number, copies of ID documents, biometric data or other forms of identification. |
| Contact Data | Your home address, work address, billing address, email address and telephone numbers. |
| Online Presence Data | Links to your public account pages at social media websites, links to personal websites, and other online materials related to you. |
| Financial Data | Your bank account and payment card details, statements about your wealth and financial situation. |
| Transaction Data | Any details about payments to and from you and other details of subscriptions and services you have purchased from us. Data in respect of your transactions with third parties (including your credit history). |
| Content Data | Any content you post to the Services not already included in another category, including without limitation, your profiles, questions, preference settings, answers, messages, comments, and other contributions on the Services, and metadata about them (such as when you posted them) (“Content”). |
| Marketing and Communications Data | Your preferences in receiving marketing from us and our third parties and your communication preferences. If you correspond with us by email or messaging through the Services, we may retain the content of such messages and our responses. |
| Behavioral Data | Inferred or assumed information relating to your transaction pattern, behavior and interests, based on your online activity. This is most often collated and grouped into "segments". |
| Technical Data | Security credentials (username and PIN/password), Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and Platform and other technology on the devices you use to access this application or Platform or use our services. |
| Device Data | The contact application on your device and your contacts’ information such as their name, mobile number, or email address contained therein. Details of your handset/device, unique device identifiers (IMEI or serial number), information about the SIM card, mobile network, operating system and browser settings. |
5. How we use your personal data and Why
5.1. Payment Processing
To process payments on PalmPay, we need to share some of your personal information with the person or company with whom you are transacting. This information may include:
- Contact information (mobile number, e-mail address, personal photo)
- Payment information (card details, banking information, wallet balance)
This personal data will be used to assist us in delivering the service that you signed up for; allow us to understand how services are being used by you; protect you and your account; improve our services and communicate new services and offers to you.
We will not expose your credit/debit card number or bank account number to anyone you have paid or who has paid you through PalmPay, except with your express permission or if we are required to do so to comply with a subpoena or other legal action.
5.2. Identity Verification
We collect and store personal information about you to comply with the relevant financial regulations.
The Identity Data we collect is solely used for the purpose of authenticating your identity, processing your transactions and preventing fraud. We do not use this data for any other purpose. The information is processed in a manner that is secure and in compliance with applicable laws and regulations concerning Identity Data.
Where we use a 3rd party service, with your consent, we may share your Personal Data in order to offer the service or improve the experience of that service. When you use such a service for the first time, you will need to review and agree to their terms and conditions, privacy policy and other related agreements where applicable.
In order to provide the Service to you as well as comply with applicable laws, we may verify, compare and validate the personal information you provide to us with the relevant government authorities. As required by applicable regulations, we may need to verify the accuracy of the Identity Data and Contact Data you provide to us, which may require physical visits to the address you provide as your Contact Data including your work, home, billing or contact address. We may also engage third party service providers to verify the accuracy of this Identity Data, including your Contact Data.
5.3. Marketing Communication Preferences
If you would like us to stop sending marketing messages or modify your email preferences at any time, please follow any of these procedures:
- Follow the opt-out messages sent in any of the emails;
- Go through the notification switch off process in the settings on your application;
- Contact us at any time using the contact details in Who We Are and How to Contact Us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us for processing for legitimate service-related purposes.
6. Who We Share Your Personal Data With
We may share your Personal Data with third parties as described in the table below. We consider this information to be a vital part of our relationship with you.
We ensure that Personal Data shared in the table above are provided to third parties under strict confidentiality and data security obligations and only for the purposes stated above. If you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data, we will convey that request to any third-party with whom we have shared your data. We are not, however, responsible for revising or removing your Personal Data obtained by any third party who has previously been provided with your information by us in accordance with this policy or any third party to whom you have provided such information (whether by sharing your login and password, or otherwise).
7. Storage and Security of Personal Data
7.1. Where your personal information is stored
PalmPay is entirely committed to protecting the information we collect from you. We maintain appropriate administrative, technical and physical safeguards (i.e. firewalls, data encryption, competent security guards, etc). These processes are in place to prevent accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use of your information. We are also certified by the International Organization for Standardization (ISO) on information security management (ISO/IEC 27001).
To achieve the purpose stated in this Privacy Policy, PalmPay may transfer your personal data to a country on the ‘white-list’ which is deemed to have adequate data protection laws under the NDPR Implementation Framework 2020. Where PalmPay transfers your personal data to countries outside the ‘white-list’, we shall ensure that informed consent is obtained from you and other relevant provisions of the NDPA are complied with, to guarantee that your personal data is adequately protected.
7.2. How long we store your Personal Data
We will retain your information for as long as your account is active, or it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why unless you request that we remove your Personal Data as described in Your Rights Relating to Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law. This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
For example, PalmPay is required to retain the details of transactions or payments you make via PalmPay after the transaction is completed. We will store these transactions for the required period stipulated under the financial data protection regulations of your jurisdiction.
7.3. Your Use of the Platform
You are responsible for protection of your password or PIN in its entirety as communicated in our Terms and Conditions. You must not share your PalmPay password or PIN with anyone.
We will never request your PIN or password via email or SMS or any other means. In the event you receive such communication, please disregard it and contact us on: possupport@palmpay.com and 18885000.
In the event you share your password with a third party, you will be solely responsible for any consequence and loss arising thereof. If you believe your password or PIN has been compromised, please change it immediately and contact us.
7.4. Personal Data Breaches
We have a duty to self-report personal data breaches to the Nigerian Data Protection Commission within 72 hours of knowledge of such breach.
We shall immediately notify you of any breach to your personal data where such breach will likely result in high risks to your freedoms and rights.
8. Changes to this Privacy Policy
PalmPay may change its Privacy Policy from time to time, and at PalmPay’s sole discretion. We will notify you when changes have been made. If you are opposed to the changes, you may close your account. Continuous usage of PalmPay services after receipt of notification means you have understood and accepted the modifications or changes.
9. Applicable Law
This Privacy Policy shall be governed and construed in accordance with the relevant laws of the Federal Republic of Nigeria.