Privacy & Cookie Policy (“Privacy Policy”)
Privacy Policy
PalmPay Limited and our affiliate companies (together "PalmPay" or "We" or "Our") are totally committed to protecting and respecting your privacy.
The Privacy Policy is applicable to all PalmPay services accessed by you. This Privacy Policy outlines how we collect and use the information you share with us, who we share the information with and how we protect the information you share with us in compliance with the Nigeria Data Protection Act, 2023.
PalmPay Limited and our affiliate companies (together "PalmPay" or "We" or "Our") are totally committed to protecting and respecting your privacy.
When you sign up and use PalmPay App or PalmPay Business App (the App), you accept the terms described within this Privacy Policy. We will not share your personal information with anyone except as described in this Privacy Policy.
In this policy "information" refers to any confidential and/or personal data or other information related to users of PalmPay services.
This Privacy Policy is designed to describe
- Who we are and how to contact us
- Your rights relating to personal data
- Marketing communication preferences
- What personal data we collect
- How we use your personal data and why
- Who we share your personal data with
- What information is stored and for how long
- How we protect your personal data
- Changes to this Privacy Policy
This Privacy and Cookies Policy is intended to meet our obligations under the “Nigerian Data Protection Act" or NDPA, a legal framework that sets guidelines for the protection and processing of personal information of individuals within Nigeria or residing outside Nigeria but of Nigerian descent.
Any modifications or changes to the Privacy Policy will be made on this page and you will receive notification through all our channels of service. If you are opposed to the changes, you may close your account. Continuous usage of PalmPay services after receipt of notification means you have understood and accepted the modifications or changes.
Who We Are
PalmPay is a modern financial platform meeting customers wherever they are: on their smartphones. We offer our customers the widest level of choice and financial access.
How to Contact Us
To exercise your rights or if you have any questions or concerns about this Privacy Policy, please contact us at: possupport@palmpay.com and 18885000;
We will investigate and work towards resolving your concerns in line with the provisions of the NDPA.
Your Rights Relating to Your Personal Data
You have the rights under this Privacy and Cookie Policy to:
- Request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you: This enables you to have any incorrect or incomplete information about you corrected.
- Request erasure of your personal data: This enables you to ask us to delete or remove Personal Data where there is no legal reason for us continuing to process it or you object to us processing it (see below).
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your situation, which makes you want to object to processing of your Personal Data on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. This right only exists where we are relying on consent to process your Personal Data ("Consent Withdrawal"). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Site. We will advise you if this is the case at the time you withdraw your consent.
How to Exercise Your Personal Rights
If you wish to exercise any of the rights above, please contact us using the details in Who we are and How to contact us.
You will not have to pay a fee to access your personal data (or to exercise any right), however, we may charge a reasonable fee for consent withdrawal if your request is clearly unfounded, repetitive or excessive. In the event of these circumstances, we may refuse to comply with your request.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights).
This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Complaints
If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please contact us at: possupport@palmpay.com; and 18885000.
We endeavour to reply to your complaint as soon as possible.
If you feel that your complaint has not been adequately resolved, the NDPA gives you the right to contact lodge a complaint with the relevant supervisory authority.
Marketing Communication Preferences
If you would like us to stop sending marketing messages or modify your email preferences at any time, please follow any of these procedures:
- Follow the opt-out messages sent in any of the emails;
- Go through the notification switch off process in the settings on your application
- Contact us at anytime using the contact details in Who We Are and How to Contact Us.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us for processing for legitimate service-related purposes.
What Personal Data We Collect
A - Customer information
We collect and use any information you provide when engaging with our touchpoints. To use the PalmPay Services, you must provide your information via our registration, account upgrade, profile forms or other forms of KYC information requests.
This information includes, but it is not limited to:
- Information you provide when you sign up for a Palmpay wallet: Full name, e-mail address and phone number, PalmPay PIN, address, proof of address, real time location, occupation, whether you are male or female, date of birth.
- For some services we may also collect Bank Verification Number (BVN), National Identity Number (NIN), other ID documentation information, photograph and facial ID, (where applicable)
- When you opt to use the face authentication feature, we will use ARKit or similar technology to capture a three-dimensional map of your face and analyze your facial expressions. This face data is processed in real time to confirm your identity and to ensure that the photo or video “Selfies” being taken is of a live user.
Types of Personal Information Collected | Sources of Personal Information Collected | Business Purpose for Collection of Personal Information[1] | |
Identification Data | Full name, e-mail address and phone number, PalmPay PIN, address, proof of address, real time location, occupation, gender, date of birth, Bank Verification Number (BVN) | Directly from you, cookies and other tracking technologies, Public Sources. | Provide our Services, Identification, Communications, Security, Legal, Compliance and Regulatory Obligations, Marketing Purposes. |
Sensitive Personal Information (including Biometric Information) | National Identity Number (NIN), Precise Geolocation, Photos, Photo or Video “Selfies” | Directly from you, Cookies and other tracking technologies | Provide our Services, Identification, Legal, Compliance and Regulatory Obligations. |
Commercial Information | Purchase History, Transaction data | Directly from you. | Provide our Services, Identification, Legal, Compliance and Regulatory Obligations |
Internet / Network Activity | Device ID, and Device Settings (e.g., language preference, time zone), Login Information, Login History, Browser Type and Version, Browser Plug-In Types and Versions, Operating System and Platform, Google Analytics Cookies, and Information about your visit on our website. | Cookies and other tracking technologies | Provide our Services, Identification, Legal, Compliance and Regulatory Obligations. |
Professional & Employment Information | Business, Job Title, Business Associates, Corporate Affiliations. | Directly from you. | Provide our Services, Identification, Legal, Compliance and Regulatory Obligations. |
Audio, Electronic, Visual, or Similar Information | Customer Center Recordings. | Directly from you. | Provide our Services, Identification, Legal, Compliance and Regulatory Obligations. |
Additional information may be requested to participate in social media functions on our site, promotions or surveys and when you contact us to report a problem on our site.
If you communicate with our Customer Services team via e-mail, Live Chat or telephone your conversations may be recorded and stored for training and record keeping purposes. We use this information to measure and improve our Service quality.
B - Device information
The following information may be collected from you automatically when you use the PalmPay mobile app, but it is not limited to:
- Your contacts’ information such as their name and mobile number. We collect this information when you sync the address book on your device with the PalmPay app and we use this information where the provision of our services requires such access, for example airtime top-up and transfers.
- Details of your handset/device, unique device identifiers (IMEI or serial number), information about the SIM card, mobile network, operating system and browser settings. We use this information to protect our customers from service-related crime, enhance the services we offer and to help us understand how people use the Service.
C - Location information
Certain PalmPay features may require location information from your device’s GPS. With your consent this information will be collected for these services. You will be required to grant consent. Turning off location services may render some services unavailable.
D – Analytics
We may use in-app analytics technologies, like Google Analytics, to help improve and simplify the overall app, design and service. These tools track aggregated information about in app usage, provide performance measurements and allow better reporting on application failures.
We record when you install or uninstall PalmPay to help us track who is using the Service.
E – Tracking and Cookies
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns.
PalmPay uses cookies to help PalmPay identify and track visitors, their usage of the PalmPay website, and their website access preferences. PalmPay visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the websites or decline the option of using cookies when they visit for the first time. Our services may not function property without the aid of cookies.
In respect of Customer information or information that enables us to identify you personally (‘Personal Information’). We have provided that following table to further outline the data that we collect:
Category of Personal Data collected | What this means |
Identity Data | First name, surname, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender, selfie picture, facial ID, identification document number, copies of ID documents, biometric data or other forms of identification. |
Contact Data | Your home address, work address, billing address, email address and telephone numbers. |
Online Presence Data | Links to your public account pages at social media websites, links to personal websites, and other online materials related to you. |
Financial Data | Your bank account and payment card details, statements about your wealth and financial situation. |
Transaction Data | Any details about payments to and from you and other details of subscriptions and services you have purchased from us. Data in respect of your transactions with third parties (including your credit history). |
Content Data | Any content you post to the Services not already included in another category, including without limitation, your profiles, questions, preference settings, answers, messages, comments, and other contributions on the Services, and metadata about them (such as when you posted them) (“Content"). |
Marketing and Communications Data | Your preferences in receiving marketing from us and our third parties and your communication preferences. If you correspond with us by email or messaging through the Services, we may retain the content of such messages and our responses. |
Behavioral Data | Inferred or assumed information relating to your behavior and interests, based on your online activity. This is most often collated and grouped into "segments". |
Technical Data | Security credentials (username and PIN/password) Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this application or website or use our services. |
Device Data | Your contacts’ information such as their name, mobile number, or email address. Details of your handset/device, unique device identifiers (IMEI or serial number), information about the SIM card, mobile network, operating system and browser settings. |
This personal data will be used to assist us in delivering the service that you signed up for; allow us to understand how services are being used by you; protect you and your account; improve our services and communicate new services and offers to you.
Who We Share Your Personal Data With
We may share your personal data with third parties as described in the table below. We consider this information to be a vital part of our relationship with you.
Recipients | Why we share it |
Our Affiliates | Our affiliates may access your Personal Data to help us develop, maintain and provide our Services and help manage our customer relationships (including providing customer support, customer liaison, fund advisory services, etc). |
Service Providers | Our service providers provide us support for our Services, including, for example, website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, auto-deduct services, analysis, identity verification, background and compliance reviews, fund administration, banking services, and other services for us, which may require them to access or use Personal Data about you. |
Professional Advisers | Our lawyers, accountants, bankers, auditors and insurers may need to review your personal data to provide consultancy, compliance, banking, legal, insurance, accounting and similar services. |
Legal and Taxing Authorities, Regulators, Law Enforcement Agencies and Participants in Judicial Proceedings | PalmPay may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organization or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others, such as, for example, in connection with the acquisition, merger or sale of securities or a business (e.g. due diligence). |
Advertisers | Certain users of the Services may have access to your Personal Data for the purpose of enabling them to interact with you and more effectively offer opportunities through the Site that are targeted towards your background and preferences. We may also allow third-parties, including ad servers or ad networks, to serve advertisements on the Site, and such third parties may be provided with access to your Personal Data to provide advertising tailored to your interests. |
Researchers | To enhance the public understanding of patterns and trends in the markets served by or Services, we may provide Personal Data to third parties under confidentiality obligations such as, for example, academics or contractors for research purposes. |
API Users | A limited number of partners have API access to portions of the Site. Examples of the most common API uses are OAuth and AML/accreditation verification of potential investors. |
Third Party SDK | Our APP connects to the software development kit (SDK) of some of our third party service providers and in such event your Personal Data may be collected or accessible by these servive providers. SDK used by us includes without limitation, bugly, appsflyer and google. We ensure that these service providers take extensive security measures with high level encryption in order to protect your Personal Information against loss, misuse or alteration. |
As we develop our business, we may buy or sell businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, we may also transfer your Personal Data as part of the transferred assets.
We may also share non personal data (such as anonymous usage data, data referring/exit pages and URL’s, platform types, number clicks, etc.) with interested third parties to help them understand the usage patterns for certain Services or conduct independent research based on such anonymous usage data.
If you request that we remove your Personal Data as described in Your Rights Relating to Your Personal Data, we will convey that request to any third-party with whom we have shared your data.
We will also use this data to process payments and comply with legal and regulatory obligations (see below).
How we use your personal data and Why
Payment information
To process payments on PalmPay, we need to share some of your personal information with the person or company with whom you are transacting. This information may include:
- Contact information (mobile number, e-mail address, personal photo)
- Payment information (card details, banking information, wallet balance)
We will not expose your credit/debit card number or bank account number to anyone you have paid or who has paid you through PalmPay, except with your express permission or if we are required to do so to comply with a subpoena or other legal action.
Identity Information
We collect and store personal information about you to comply with the relevant financial regulations.
Apart from the circumstance of complying with a Court Order, Arbitral Panel, Tribunal, Regulatory Directive or Order or any other legal or regulatory obligation, we do not disclose information about identifiable individuals to other parties, but we may provide them with anonymous aggregate information, such as the number of people of a certain age or sex who have performed certain transactions of a certain amount within a particular timeframe, for example.
Where we use a 3rd party service, with your consent, we may share your information in order to offer the service or improve the experience of that service. When you use such a service for the first time, you will need to review and agree to their terms and conditions, privacy policy and other related agreements where applicable.
In order to provide the Service to you as well as comply with applicable laws, we may verify and compare the personal information you provide to us with the relevant government authorities.
In respect of the NDPA
In respect of each of the purposes for which we use your Personal Data, the NDPA requires us to ensure that we have a legal basis for that use. The legal basis depends on the Services you use and how you use them. This means we collect and use your Personal Data only where:
- Contractual Obligations: We collect certain data from you to fulfil the contract we have with you, or to enter into a contract with you. We use this datato provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- Legitimate Interest: It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; or
- Legal Obligation: We need to process your data to comply with a legal or regulatory obligation.
Consent: We may also rely on your consent as a legal basis for using your Personal Data where we have expressly sought it for a specific purpose. If we do rely on your consent to a use of your Personal Data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
What happens when you do not provide necessary personal data?
Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the Services). In this case, we may have to stop providing you with our Services.
How Information may be Disclosed
Your information may be shared in the following cases:
- to fulfil a request from the regulator or government entity with sufficient authority
- to fulfil other legal obligations such as a request from a court or a law enforcement agencies
- for regulatory reporting purposes
Business Transfer
In the unlikely event that PalmPay goes into administration or is acquired, a business transfer may occur. You consent to the successor company having access to the information maintained by PalmPay, including customer Account Information, and such successor company would continue to be bound by this Privacy Policy unless and until it is amended.
Where your personal information is stored
PalmPay is entirely committed to protecting the information we collect from you. We maintain appropriate administrative, technical and physical safeguards (i.e. firewalls, data encryption, competent security guards, etc). These processes are in place to prevent accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use of your information. We are also certified by the International Organization for Standardization (ISO) on information security management (ISO/IEC 27001).
To achieve the purpose stated in this Privacy Policy, PalmPay may transfer your personal data in line with the NDPA. Where PalmPay transfers your personal data to countries not certified with adequacy of protection by the Nigeria Data Protection Commission (NDPC), we shall ensure that informed consent is obtained from you and other relevant provisions of the NDPA are complied with, to guarantee that your personal data is adequately protected.
PalmPay is required to retain the details of transactions or payments you make via PalmPay after the transaction is completed. We will store these transactions for the required period under the financial regulations of your jurisdiction.
How long we store your Personal Data
We will retain your information for as long as your account is active, or it is reasonably needed for the purposes set out in How We Use Your Personal Data and Why unless you request that we remove your Personal Data as described in Your Rights Relating to Personal Data. We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after you have deactivated your account for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
Personal Data Breaches
We have a duty to self-report personal data breaches to the Nigerian Data Protection Commission within 72 hours of knowledge of such breach.
We shall immediately notify you of any breach to your personal data where such breach will likely result in high risks to your freedoms and rights.
Links to Other Websites
This Privacy & Cookies Policy applies only to the services. The Services may contain links to other websites not operated or controlled by PalmPay. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by us. Please remember that when you use a link to go from Services to another website, our Privacy and Cookies Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our site, is subject to the website’s own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.
Your Responsibilities
You are responsible for protection of your password or PIN in its entirety as communicated in our Terms and Conditions. You must not share your PalmPay password or PIN with anyone.
We will never request for your PIN or password via email or SMS or any other means. In the event you receive such communication, please disregard and contact us on: possupport@palmpay.com, and 18885000.
In the event you share your password with a third party, you will be held responsible for the consequences. If you believe your password or PIN has been compromised, please change it immediately and contact us.
Changes to this Privacy Policy
PalmPay may change its Privacy Policy from time to time, and at PalmPay’s sole discretion. We will notify you when changes have been made. By continuing to use the mobile application or website after the change, you agree to accept the new policy.
Contact Us
PalmPay ensures that our day-to-day processes comply with this Privacy Policy.
To contact us please send an email to possupport@palmpay.com; or call our hotline 18885000.
Applicable Law
This Privacy Policy shall be governed and construed in accordance with the relevant laws of the Federal Republic of Nigeria.