1.0 INTRODUCTION
Chibueze Microfinance Bank Ltd is a Microfinance Bank licensed in Nigeria by the Central Bank of Nigeria. We are located along Asa Road off Ehi Road, precisely inside CKC Compound, Aba, Abia State.
We provide microfinance banking services to a wide variety of customers, including individuals, small and medium enterprises, and low-income earners in both rural and urban areas—especially the people of Aba and its environs—along with governmental and non-governmental institutions.
Our banking services are provided at our branches and through electronic channels, including the Internet. Customers and potential customers can access our services through these channels, including our website: www.chibuezemfb.com.
By accessing our services—whether by opening an account at our branch, using e-channels, or subscribing to any of our products such as online banking, instant banking, or ATM card services—customers provide certain personally identifiable information.
This document details the Bank’s policies guiding the collection, use, storage, destruction, and disclosure of this personally identifiable information. The policy is available on our website and in our branches.
Please read it thoroughly before accessing our services. By opening an account or subscribing to any of our services, you give consent to the processing of your personal data in accordance with this policy.
Unless otherwise defined herein, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions available on www.chibuezemfb.com.
1.1 GLOSSARY
Consent: Freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes signifying agreement to the processing of Personal Data.
Data: Characters, symbols, or binary on which operations are performed by a computer, stored or transmitted in any format or device.
Data Protection Officer (DPO): The person appointed under the Data Protection Laws responsible for advising Chibueze Microfinance Bank on data protection compliance.
Data Subject: Any person who can be identified directly or indirectly by reference to one or more identifiers.
NDPR: Nigeria Data Protection Regulation, 2019.
Our Services: Online banking services provided by the Bank (e.g. mobile banking, instant banking).
Personal Data: Information relating to an identified or identifiable individual, such as name, address, email, BVN, phone number, photo, or any unique identifier (e.g. IP address, IMEI, SIM, MAC address).
PII (Personally Identifiable Information): Information that can identify, contact, or locate a single person.
PCI DSS: Payment Card Industry Data Security Standards.
Processing: Any operation performed on personal data, whether automated or not, including collection, storage, retrieval, use, dissemination, or destruction.
2.0 TYPES OF DATA COLLECTED
2.1 Personal Data
While using our services, we may request personally identifiable information such as:
Full name, email address, BVN, postal address, phone number, signature, date of birth, and identification documents (e.g. driver’s license, international passport, national ID, voter’s card).
2.2 Credentials
You may be required to provide user IDs, passwords, or biometric details for account access. These are secured with encryption and stored safely.
2.3 Payment Data
We collect payment information (e.g. card number, PIN, CVV) to process transactions, in line with PCI DSS requirements.
2.4 Usage Data
Includes browser type, IP address, device details, visited pages, and timestamps.
2.5 Mobile Device Data
Includes geolocation data, mobile device access permissions, and diagnostic information.
2.6 Tracking & Cookies Data
We use cookies, beacons, and similar technologies to analyze and improve our services.
2.7 Analytics
Google Analytics: Tracks and reports website traffic.
AddThis: Enables social media sharing and analytics.
2.8 Use of Data
We collect and use data to:
Provide and maintain services.
Notify you of service updates.
Provide customer support.
Analyze and improve services.
Detect and prevent fraud.
Facilitate account opening.
Send marketing communications (with consent).
3.0 TRANSFER OF DATA
Personal data may be transferred in the normal course of banking operations (e.g. with payment processors, card schemes). Chibueze Microfinance Bank ensures adequate protection measures for such transfers.
Where data is transferred outside Nigeria, we comply with the NDPR, ensuring:
Consent from the Data Subject.
Compliance with legal, contractual, or public interest obligations.
Transfers only to countries with adequate data protection laws (NITDA White List).
4.0 DISCLOSURE OF DATA
We may share your data:
a) To comply with legal obligations.
b) To protect legal rights and prevent fraud.
c) With vendors and third-party service providers who support our services.
d) During mergers or business transfers.
e) With your consent, where applicable.
5.0 SECURITY OF DATA
We implement appropriate technical and organizational measures to protect your data. However, no internet transmission is 100% secure, so users should access our services within a secure environment.
6.0 GENERAL PRINCIPLES FOR PROCESSING PERSONAL DATA
6.1 Lawfulness, Fairness, and Transparency
Data must be processed lawfully and transparently.
6.2 Data Accuracy
We ensure personal data is accurate and up-to-date.
6.3 Purpose Limitation
Data is collected only for specific, legitimate purposes.
6.4 Data Minimization
Only data relevant and necessary for processing is collected.
6.5 Integrity and Confidentiality
We maintain strong controls to prevent unauthorized access, alteration, or loss.
6.6 Personal Data Retention
Data is retained according to legal, regulatory, and operational requirements and deleted when no longer necessary.
6.7 Accountability
We maintain compliance and continuously improve data protection practices.
7.0 CHILDREN’S PRIVACY
The Bank maintains children’s accounts operated by parents/guardians until the child reaches maturity. No direct data collection from minors under 18 occurs without verified parental consent.
8.0 PERSONAL DATA RETENTION PERIOD
We retain personal data only as long as necessary for legal, contractual, or regulatory purposes. Upon account closure, data is archived but not deleted immediately.
9.0 YOUR PRIVACY RIGHTS
You have the right to:
Access and obtain a copy of your data.
Request correction or deletion.
Restrict or object to processing.
Withdraw consent.
Opt-out of marketing communications.
To exercise these rights, contact us using the details below.
10.0 AUTOMATED DECISION-MAKING / PROFILING
We do not use automated systems or profiling to make customer decisions.
11.0 TRAINING
The Bank provides annual training to staff handling personal data to ensure NDPR compliance.
12.0 DATA PROTECTION OFFICER
Data Protection Officer (DPO):
Responsible for implementing and monitoring data protection compliance.
Key duties include:
Administering privacy policies.
Monitoring NDPR compliance.
Advising management.
Conducting risk assessments and impact reviews.
13.0 DATA PROTECTION AUDIT
The Bank conducts an annual data protection audit through a licensed Data Protection Compliance Organization (DPCO), with reports filed to NITDA.
14.0 CHANGES TO THIS POLICY
We may update this Privacy Policy periodically. Changes become effective once posted on our website and in branches.
15.0 CONTACT US
Data Protection Officer
Uchenna Thelma Agu
Chibueze Microfinance Bank Ltd
Asa Road off Ehi Road, Aba, Abia State
📧 compliance@chibuezemfb.com
📧 info@chibuezemfb.com
📞 0803 257 9098