Privacy Policy

Privacy Policy of ARCPAY Microfinance Bank Limited

Effective Date: January 1, 2024
Last Updated: May 31, 2025

ARCPAY Microfinance Bank Limited (“ARCPAY,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data of our customers and stakeholders in compliance with the Nigeria Data Protection Act 2023 (NDPA) and other applicable financial regulations.

This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal data when you interact with us.

1. Data We Collect

We collect and process the following categories of personal data:

  • Identification Data: Name, date of birth, gender, nationality, occupation, address, passport photo, government-issued ID, BVN, NIN.

  • Contact Information: Phone number, email address, residential/business address.

  • Financial Data: Bank account details, transaction history, loan history.

  • Biometric Data: Fingerprints, facial recognition (where applicable).

  • Device/Usage Data: IP address, browser type, access times, geolocation, app usage data.

  • KYC/Compliance Data: utility bills, signature specimens, etc

2. Legal Basis for Processing Your Data

We process your personal data based on one or more of the following legal grounds:

  • Consent: Where you voluntarily provide information and agree to its use.

  • Legal Obligation: To comply with CBN, NDIC, NDPA, EFCC, or other regulatory requirements.

  • Contractual Necessity: For account creation, transaction processing, or service delivery.

  • Legitimate Interest: For fraud prevention, risk management, and business analytics.

3. How We Use Your Data

Your personal data is used for the following purposes:

  • To open and manage bank accounts

  • To process financial transactions (deposits, withdrawals, loans, transfers)

  • To verify identity (KYC)

  • To detect and prevent fraud, money laundering, or terrorist financing

  • To comply with legal and regulatory requirements

  • To provide customer support and respond to inquiries

  • To improve our products, services, and user experience

  • To conduct marketing, promotions, and service updates (with your consent)

4. Data Sharing and Disclosure

We may share your personal data with:

  • Regulatory Authorities: Such as CBN, NDIC, EFCC, NFIU, and courts of law where required by law.

  • Credit Bureaus & Verification Agencies: For loan evaluation, credit scoring, and identity validation.

  • Payment Service Providers & Partner Banks: To facilitate interbank transactions and settlements.

  • Technology and Cloud Providers: Who help operate our platform under strict data protection contracts.

  • Professional Advisers and Auditors: For compliance and legal advisory purposes.

We ensure that third parties receiving your data are contractually bound to maintain confidentiality and security.

5. Data Retention

We retain personal data only as long as:

  • Required by law and regulatory guidelines (e.g., CBN/NDIC minimum retention rules)

  • Necessary for the purposes outlined in this policy

  • Required for dispute resolution or audit

Data no longer needed will be securely deleted or anonymized.

6. International Data Transfers

Some of our service providers may process your data outside Nigeria. In such cases, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Hosting in jurisdictions with adequate data protection laws

  • Secure cloud infrastructure (e.g., AWS, Microsoft Azure) with encryption protocols

7. Your Rights

You have the following rights under the NDPA:

  • Access: Request a copy of your personal data

  • Correction: Request correction of inaccurate or incomplete data

  • Deletion: Request erasure where legally permissible

  • Objection: Object to certain types of data processing

  • Withdrawal of Consent: Withdraw consent at any time (without affecting past lawful use)

  • Portability: Request transfer of your data in a usable format

To exercise any of these rights, contact our Data Protection Officer (DPO) at:
📧 inf0@arcpaymfb.com

8. Data Security

We implement industry-standard security measures including:

  • Data encryption at rest and in transit

  • Firewalls, intrusion detection, and access controls

  • Biometric and multi-factor authentication

  • Regular system vulnerability assessments

Despite our safeguards, no system is 100% secure. We promptly address any breaches.

9. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify affected customers within 72 hours

  • We will inform the Nigeria Data Protection Commission (NDPC) and other relevant regulators

  • We will provide guidance on steps to secure your data

10. Updates to This Policy

This policy may be updated periodically in line with:

  • Changes to the law

  • Operational or technological changes

  • Regulatory instructions

We will notify you of any material changes via email, SMS, or our website.

11. Contact Information

Data Protection Officer (DPO)
ARCPAY Microfinance Bank Limited
📧 info@arcpaymfb.com

By continuing to use our services, you confirm that you have read and understood this Privacy Policy

Scroll to Top