Riby Privacy Notice

1. General

FINANCE LIFE TECHNOLOGIES LIMITED (“RIBY”) is a limited liabilitycompany incorporated under Part A of the Companies and Allied Matters Act,Cap C20, the Laws of the Federal Republic of Nigeria, with RC No. 1214343and having its corporate office at Block G, House 4, Moore Road, Yaba, Lagos,Nigeria. RIBY is committed to safeguarding the privacy of our employees,clients, partners and visitors of our web sites and users of our products andservices.

This Privacy Notice is for the Riby Enumerator App (and associated website)used by Enumeration Agents (Agents) to collect data of Beneficiaries forrelevant schemes and programmes. Riby employs the Enumerator App(hereafter called “Riby Enumerator”) for capturing and collection ofinformation (personally identifiable information and otherwise) of both Agentsand Beneficiaries.

When this Notice mentions “we,” “us,” or “our,” it refers to RIBY, which is theco of your information and data. This privacy notice explains how we collect,store, use, manage, share, and delete your information when you use any ofour products, services and our websites.

When using the Riby Enumerator, you consent to the collection, transfer,processing,storage, disclosure, and use of your information in Nigeria andany other country we operate as described in this privacy notice. Thisincludes any information you choose to provide that is deemed sensitiveunder applicable laws.

This privacy notice is applicable to all users of Riby Enumerator, including theAgents and the Beneficiaries whose personal information are collected by the Agents.

2. What information do we collect?

2.1 In connection with the data capturing service we provide withRiby Enumerator, we collect personal and financial informationfrom you through the Agent using the Riby Enumerator app. Mostof this collection occurs during registration (on-boarding) – forspecific and relevant schemes and programmes for which wehave been saddled with the responsibility of data capturing.

2.2. These personal and financial information are necessary in orderto:

2.2.1. Verify the authenticity of the data collected;

2.2.2 Determine individual’s eligibility for the schemes;

2.2.3 Determine borrowers' eligibility for loans, whereapplicable;

2.2.4 Establish borrowers' and investors' ability to makeand request loans by verifying that they are at least 18years of age;

2.2.5 Grant loans to individuals and groups under relevantschemes and programmes, where applicable;

2.2.6 Trace and identify Beneficiaries for the purpose ofrepayment of loans, where applicable;

2.2.7 Guard against potential fraud and money laundering.

2.3. These personal and financial information include:

2.3.1. Your first, middle and last names

2.3.2. Your contact details (such as mobile/telephonenumbers, e-mail addresses)

2.3.3. Your date of birth

2.3.4. Your gender

2.3.5. Your photo data

2.3.6. Your fingerprint

2.3.7. Next of Kin details

2.3.8. Location

2.3.9. Your home address and telephone number

2.3.10. Your Bank Account information (including, but notlimited to, Bank Verification Number (BVN), Account nameand number, Credit history, where necessary etc.)

2.3.11. Other information to be collected from Agents mayinclude IMEI, Phone model, serial number of phone,Android Secure ID.

2.2.12 Additional personal information may be gotten fromthird party applications and other identification/verificationservices. For example, from your financial institution or aCredit Bureau. In addition, third parties may requestadditional information from Riby on your behalf orotherwise, and we may be obliged to provide thisinformation where this is within the confines of your consent to us or without your consent where it is requiredby law or law enforcement agents in the prevention,investigation or prosecution of a crime.

2.4 However, whenever you visit our website, our web serversautomatically collect non-personal information such as thedomain name of the Internet access provider, the Internetprotocol address used to connect your device to the Internet,the average time spent on our website, pages viewed,information searched for, access times, and other relevantstatistics.

2.5 This non-personal information is collected to enable us targetadvertisements to you, monitor and improve our websites,products and services. This too, will not be shared or disclosed tothird parties without your consent.

3. Consent

3.1 Riby collects, uses, transfers, processes and stores theinformation we collect from you with your consent given tothe facilitators (and by implication, Riby) of the schemes orprogrammes based on which we collect the information.

3.2 You hereby expressly grant the facilitator (and byimplication, Riby) of such schemes or programmes theconsent to collect, use, process, store, transfer suchinformation collected from you either as the Agent or the Beneficiary.

3.3 However, that consent can be withdrawn with a written orelectronic notice to the facilitators of such schemes orprogrammes which will then be forwarded to us forappropriate action, if we still retain your data.

3.4 Take note, however, that withdrawal of consent willprevent access to the benefits or usage of such schemes orprogrammes for which we collected your information andwithdrawal shall not affect the lawfulness of processingcarried out by us based on consent before its withdrawal.

4. Basis for collecting and using your information.

Apart from consent, the bases upon which we collect and use yourinformation include performance of contract, legal obligation, vital interest ofthe public, your vital interest and our legitimate interest or that of a thirdparty, if your rights and interests do not outweigh such legitimate interests.

5. What do we do with your information?

Personal data submitted by the Agent or collected by the Agent from thepotential Beneficiaries through the Riby Enumerator or any associatedwebsite will be used for the purposes specified in above and for otherpurposes for which you give your consent.

In each case, the purpose for which you are invited to submit yourinformation is clear.We will not use your information for purposes that arenot clear when you provide your details, and will not disclose it outside RIBYand beyond the facilitator of such schemes or programmes for which wecollected your information, except as mentioned elsewhere in this notice or toservice providers and partners acting on our behalf in relation to the purposefor which you have given your consent, or in other very limitedcircumstances, for example, where we are legally obliged to do so.

6. How do we store your information?

The personal information we collect from you through Riby Enumerator arestored at the Enumerator Backend and they are processed at our office inNigeria and any other data processing platforms used by our identifiable thirdparties.

If for any reason your information is to be processed or transferred outsideNigeria, we will ensure to observe all privacy and data protection regulations,policies and laws governing your data and such transfer outside Nigeria.

7. What Security measure do we take in protecting yourinformation?

RIBY is PCIDSS licensed. We take reasonable measures to protect yourinformation from physical and cyber risks, by using globally trustedinformation security management systems.

We have also developed a robust information management policy andpractice to safeguard against loss, theft, damage, as well as cyber risks toyour information. However, we cannot guarantee the security of yourinformation when you visit our web site. You shall bear the risks for yourinformation when you transmit it on our web site. In addition to ourreasonable measures, we advise that you;

a. Do not divulge your personal details to other parties, unless where thisis absolutely necessary;

b. Protect your personal computers/mobile gadgets against malware andmalicious activities;

c. Use strong passwords which are not easily deducible from yourpersonal details;

d. Log out of our systems after every session;

e. Notify us promptly as soon as you notice any irregular transaction onyour accounts;

f. And take other reasonable measures to protect your details andgadgets from third parties.

8. What are your Rights?

Rights of Access to Information

RIBY, by virtue of its European transactions and partnerships, is obliged tofollow the European General Data Protection Regulation (GDPR) and theNigeria Data Protection Regulation (NDPR). Thus, you have the right to obtainfrom us through the facilitator of the scheme or programme, confirmation asto whether or not personal data concerning you isbeing processed, whereand for what purpose. Further, we shall provide a copy of the personal data,free of charge, in an electronic format when you make such request throughthe facilitator.

Rights to be forgotten

Part of the expanded rights of data subjects outlined by the GDPR is the Rightto be Forgotten, also known as Data Erasure. The right to be forgottenentitles you to have us erase your personal data, cease further disseminationof the data, and potentially have third parties haltprocessing of the data. The conditions for erasure, as outlined in article 17 of the GDPR, include thedata no longer being relevant to original purposes for processing, or you arewithdrawing consent. However, you should also note that this right requiresus to compare your rights to "the public interest in the availability of thedata" when considering such requests.

Rights to update information

We have a legal obligation to ensure that your information is kept accurateand up to date. Please assist us to comply with this obligation by ensuringthat you inform us of any changes to your information. You also have theright to rectify any inaccurate information about you. When you wish to exercise your rights of access, erasure or to update information, kindly inform us through the facilitator of the scheme or programme to ensure that we can authenticate your requests.

Breach Notification

Under the GDPR, breach notification is mandatory, where a data breach islikely to “result in a risk for the rights and freedoms of individuals”. In lieu of this, we will take reasonable measures to inform you within 72 (Seventy-Two)hours of first having become aware of any breach to our systems, which mayresult in a risk to the information we hold about you.

Disclaimer:

Please be advised that requests made under the rights toAccess information,Erasure and Breach Notification are weighed inaccordance with place of residence. Clients and Partners ordinarily resident inEuropean Union countries have automatic entitlement to enforce these rights,and clients and Partners in other jurisdictions are entitled to these rights onthe basis of Riby’s discretion.

9. How long do we keep your information?

We keep your information for our records for at least six years, as prescribedby the law, notwithstanding that your account is active or no longer active.This is subject to your right to have us erase all your information and ourobligation to keep your records for legal purposes, for example where it issubject to a fraud or money laundering investigation

10. Anti-money laundering policies and procedures

Our Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT)policies are tailored to the recommendations of the Central Bank of Nigeria.We conduct client due diligence enquiries on each new client and personsconnected with them and conduct ongoing monitoring of existing clients.These enquiries are based on the Money Laundering (Prohibition) Act, 2011(as amended) “MLPA”, and the Terrorism Prevention Act 2011 (as amended)“TPA”, although if additional information is required by CBN guidelines onsame, that information will also be obtained. Where necessary for these purposes, we seek relevant information from thirdparty data suppliers. Where individuals have supplied personal data for thispurpose, we will only use it for that purpose and will keep it only as long asthe relevant AML and CFT data protection legislations require.We also have internal procedures to ensure that any suspicion of moneylaundering and terrorism are reported to the appropriate authorities wherethere is an obligation to do so. Our legal team and other relevant staffs areprovided with training on these issues.

11. How do we respond to legal requests or disputes which results from potential mishandling of information?

We are hopeful that you will not have a cause to be displeased about how we manage your data. However, in the unlikely event that you have a concernover how your information is being managed, processed or where it ismissing, you should;

Your Rights

- Submit a detailed complaint in writing (whether by electronic or writtenmeans) to us through the facilitator of the scheme or programme for whichwe collected your information.

- Wait for a response within 10 working days of receiving the complaint.

Our responsibilities

- Receive complaints, investigate, determine the outcome andcommunicate to you within 10 working days

- If unable to resolve, refer the matter to the appropriate authorities toresolve the issues at little or no cost to you.

12. Cookies

We are proud to inform you that we do not use cookies to collect yourinformation.

13. How will we notify you of changes to this notice?

We may change this notice from time to time by updating this page. We donot undertake to send a written notification of changes to this notice. Youshould check this page from time to time to ensure that you are kept abreastof any changes.

This privacy notice was last updated on 23 April 2020.