Abstract background image for page header

Privacy Policy

Last updated: October 26, 2023

1. Introduction

Paytins Nigeria Ltd. ("we," "our," or "us") is committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services through our APIs, websites, and applications (collectively, the "Service"). This policy is framed in compliance with the Nigerian Data Protection Regulation (NDPR).

2. Data We Collect

We collect information to provide and improve our services. The types of information we collect depend on your interaction with us.

  • Merchant Information: When you register as a merchant, we collect information about your business, including Business Name, CAC Registration Number, Business Address, and details of directors and significant shareholders for KYC/KYB (Know Your Customer/Know Your Business) purposes. We also collect contact information such as name, email address, and phone number of your authorized representatives.
  • End-User Information (as a Data Processor): When you use our APIs, we process data belonging to your end-users on your behalf. This includes transactional data such as payment amounts, recipient details for bill payments, beneficiary account details, and information required for virtual card issuance. You, the Merchant, are the Data Controller for this information.
  • Transactional Data: We collect details of all transactions processed through our platform, including amounts, timestamps, payment methods, and metadata related to cryptocurrency transactions (e.g., wallet addresses, transaction hashes).
  • Technical & Usage Data: We automatically collect information when you interact with our Service, such as your IP address, device type, browser information, API usage logs, and error logs.

3. Legal Basis and Purpose for Using Your Information

We only use your personal data when the law allows us to. Most commonly, we will use your data in the following circumstances:

  • To Perform Our Contract With You: To register you as a new merchant, provide API services, process transactions, and manage your account.
  • For Our Legitimate Interests: To manage risk, prevent fraud, improve our services, perform analytics, and ensure the security of our network.
  • To Comply With a Legal Obligation: To fulfill our legal duties related to Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and to respond to lawful requests from regulatory bodies.
  • With Your Consent: Where you have given us explicit consent, such as for sending you direct marketing communications.

4. How We Share Your Information

We do not sell your personal data. We may share your information with the following categories of third parties to provide our Service:

  • Financial Partners: Such as acquiring banks, issuing banks, card networks (Visa, Mastercard), and payment processors required to facilitate transactions.
  • Identity Verification Services: To assist with our KYC/KYB and fraud prevention processes.
  • Cloud & Technology Providers: Who provide data hosting, storage, and other infrastructure services.
  • Regulatory Authorities: When required by law, court order, or other governmental or law enforcement authority or regulatory agency.

5. Data Security

We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way. We are PCI-DSS compliant. We limit access to your personal data to those employees and third parties who have a business need to know. However, no method of transmission over the Internet is 100% secure.

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law, we are required to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for a minimum of five years after they cease being customers for regulatory purposes.

7. Your Legal Rights under NDPR

Under the Nigerian Data Protection Regulation, you have rights in relation to your personal data. These include the right to:

  • Request access to your personal data.
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request the transfer of your personal data to you or to a third party.
  • Withdraw consent at any time where we are relying on consent to process your personal data.

To exercise any of these rights, please contact us at [email protected].

8. International Transfers

We may transfer, store, and process your information in countries other than your own. Where we do so, we will ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts approved for use which give personal data the same protection it has in Nigeria, or that the country has been deemed to provide an adequate level of protection.

Paytins Support

Powered by AI

Hey! I am Paytins AI. How can I help?

Privacy Policy | Paytins