At Octopus Microfinance Bank (hereinafter called “Octopus”), we treat your personal information as private and confidential. We are dedicated to protecting your privacy and providing you with the highest level of security at any point of interaction with us. This Privacy Policy regulates how your personal information is used and protected by Octopus. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By continuing to visit our website (www.octopusmfb.com) and other Octopus customer touchpoint, you accept the use and processing of your personal information in line with this policy
• We collect information about you from a variety of sources, such as: website visits, applications, identification documents, curriculum vitae, personal financial statements, interactions with relationship managers, and other third parties (credit bureaus, payment gateways, other financial institutions…) and other written or electronic communication reflecting information such as your name, address, passport details, identification numbers, biometric information, telephone number, occupation, assets, income and any other information we deem necessary.
• We may also use your transactional account history including your account balance, payment records, and debit/credit card usage. We may also use information received from third parties such as family, solicitors, friends or employers, website/ social media pages made public by you, government agencies, regulators, supervisory or credit agencies.
• We may also collect other information such as video footages of you whenever you step into any of our branches, telephone conversations when you call any of our contact centre lines, geographic information of any of our branch ATMs when you use our ATMs. Please note that we may collect information about your computer (or mobile device), including where available your IP address, operating system and browser type, for system administration or for our commercial purposes. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
We commit to the confidential treatment and processing of your and non disclosure of your information to any person outside our organization except as described in this Privacy Policy.
A cookie is a small text file stored on your computer or mobile devices whenever you visit a website. It’s function includes storing your login and session statuses, recording your user preferences and analyzing web traffic. Cookies enable websites and applications to store your user preferences in order to enhance your overall website experience by better understanding your preferences, likes and dislikes. They also allow websites to identify when users are logged on their site and when they return to their site, test new content and analyse web traffic with data analytics. Apart from the data that you elect to disclose and share with us, we cannot access your computer or any other information about you with cookies. Please note that you can amend your browser settings to disable cookies. This may however prevent you from fully experiencing the website as it was intended.
The collection and use of personal data by Octopus is guided by certain principles. These principles state that personal data should • Be processed fairly, lawfully and in a transparent manner.
• Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with such purposes.
• Be adequate, relevant and limited to what is necessary to fulfil the purpose of processing.
• Be accurate and where necessary, up-to-date. In the event data is inaccurate, steps should be taken to rectify or erase such data.
• Not be kept for longer than necessary for the purpose of processing.
• Be processed in accordance with the data subject’s rights.
• Be kept safe from unauthorised processing, and accidental loss, damage or destruction using adequate technical and organizational measures. Any personal information provided by you to Octopus will be used with your consent, or when we have another lawful reason.
These include:
• where processing of personal data is required for the fulfilment of a contractual obligation.
• where processing of personal data is required for compliance with legal and/or regulatory requirements.
• where processing is required to protect your vital interest or that of any other natural person.
• where processing is required for an activity to be carried in significant public interest.
where processing is required for legitimate interests of Octopus, its subsidiaries, partners or a third party insofar as this does not conflict with the requirements for the protection of your personal data.
Your personal information is used in:
• Updating and enhancing Octopus’ records.
• Establishing your identity and assessing applications for our products and services.
• Executing your instructions and managing our relationship with you.
• Pricing and designing our products and services.
• Administering our products and services.
• Managing our risks.
• Identifying and investigating illegal activity such as fraud.
• Contacting you, for example in instances where we suspect fraud on your account or when the need arises to tell you about recent occurrences in the banking sector or some event(s) of significance.
• Conducting and improving our businesses and improving your experience with us.
• Reviewing credit or loan eligibility.
• Preventing money laundering or terrorism financing activities.
• Complying with our legal obligations and assisting government and law enforcement agencies or regulators/supervisors.
• Identifying and informing you about other products or services that we think may be of interest to you.
• Processing your job application if you apply for a job with us.
We may also collect, use and exchange your information in other ways permitted by law.
We sometimes use automated systems and software to help us reach decisions about you, for example, to make credit decisions, to carry out security, fraud and money laundering checks, or to process your data when you apply for some of our products and services. This type of processing is carried out under lawful basis and you can contact us to request that automated processing be reviewed by a human being if you detect any inaccuracies in your personal data.
We may share the information about you and your dealings with us, to the extent permitted by law, with the following:
• Octopus Branches and Subsidiaries;
• Regulators/Supervisors, Government Agencies/courts — It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence for Octopus to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.;
• External Auditors;
• Octopus’ staff;
• Credit Agencies;
• Correspondent banks;
• Octopus’ strategic partners/service providers — for the purpose of improving and providing our products and services to you. Your Personal information will not be shared with third parties for their marketing purposes. We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party. Information about our customers and their usage of our website is not shared with third parties for their marketing purposes. We do not disclose any information about any user’s usage of app or our web site except in specific cases, and we do not share information with any unaffiliated third parties for marketing purposes unless you expressly give us permission to do so.
We take appropriate technical and organizational measures to prevent loss, unauthorized access, misuse, modification or disclosure of information under our control. This may include the use of encryption, access controls and other forms of security to ensure that your data is protected. We require all parties including our staff and third-parties processing data on our behalf to comply with relevant policies and guidelines to ensure that information is protected in use, when stored and during transmission. Your personal information with us remains secure because:
• We use strict security measures and technologies to prevent fraud and intrusion.
• Our Security controls and processes are regularly updated to meet and exceed industry standards.
• Our employees are trained to respect the confidentiality of any personal information held by us. Where we have provided you (or where you have chosen) a password which grants you access to specific areas on our site, you are responsible for keeping this password confidential. We request that you do not to share your password or other authentication details (e.g. PIN number, token generated codes) with anyone.
All Personal Information you provide to us is stored on our secure servers as well as secure physical locations and cloud infrastructure (where applicable) for the purposes of providing seamless services to you, including but not limited to ensuring business continuity, the data that we collect from you may be transferred to or stored in cloud locations at globally accepted vendors’ data centre. s Whenever your information is transferred to other locations, we will take all necessary steps to ensure that your data is handled securely and in accordance with this privacy policy
We retain your data for as long as is necessary for the purpose(s) that it was collected. Storage of your data is also determined by legal, regulatory, administrative or operational requirements. We only retain information that allows us to comply with legal and regulatory requests for certain data, meet business and audit requirements, respond to complaints and queries, or address disputes or claims that may arise. Data which is not retained is securely destroyed when it is identified that it is no longer needed for the purposes for which it was collected.
The right to be informed To emphasize the need for transparency over the usage of personal data, we ensure fair processing of information typically through this privacy policy.
• The rights to access Users have the right to access information the Bank holds, access their personal data and other supplementary information and obtain information about how we process it.
• The right to restrict processing Users have a right to ‘block’ or withdraw their consent to our processing of your information, which you can do at any time. When processing is restricted, we are permitted to store the personal data, but not further process it.
• The right to rectification Users are entitled to have personal data rectified if it is inaccurate or incomplete. If this personal data in question has been disclosed to third parties, they must be informed of the rectification where possible. Octopus will also inform the individuals about the third parties to whom the data has been disclosed where appropriate.
• The right to erasure Users have the right to request the deletion or removal of personal data where there is no compelling legal or regulatory requirement for its continued processing. The Bank will make sure that this right is protected.
• The right to data portability We will ensure that personal data is moved, copied or transferred easily from one IT environment to another in a safe and secure way, without hindrance to usability.
• The right to object Users have the right to object to our processing of their information in some circumstance
Octopus’ websites, products, applications, and services may contain links to third-party websites, products and services. Our products and services may also use or offer products or services from third parties. Information collected by third parties, which may include such things as location data or contact details is governed by their privacy practices and Octopus will not be liable for any breach of confidentiality or privacy of your information on such sites. We encourage you to learn about the privacy practices of those third parties.
Octopus may interact with registered users on various social media platforms, including Facebook, Twitter, Google+, LinkedIn and Instagram. Please note that any content you post to such social media platforms (e.g. pictures, information or opinions), as well as any personal information that you otherwise make available to users (e.g. your profile) is subject to the applicable social media platform’s terms of use and privacy policies. We recommend that you review this information carefully in order to better understand your rights and obligations with regards to such content.
Individuals are responsible for making sure the information provided to the Bank is accurate and should inform the Bank on any changes as it occurs, this will enable us to update your information with us.
Octopus respects the privacy of children. We do not knowingly collect names, email addresses or any other personally identifiable information from children. We do not knowingly market to children nor do we allow children under 18 to open online accounts.
This policy may be revised in line with legal, regulatory and operating changes. Such revised versions will automatically become applicable to you. We will post any revisions we make to our Privacy Policy on this page and such revised policy becomes effective as at the time it is posted. We will notify you when any changes to our privacy policy have been made. We also encourage you to check this page from time to time for updates to this policy.
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@octopusmfb/.com or address your request to us a 24, Community Road, Ijanikin, Lagos.
24, Community Road, Ijanikin, Lagos
info@octopusmfbng.com