Who are we?

At ProvidusBank, our tailored financial services delivery include: Business Advisory, Portfolio Management, Personalised Relationship Management, Fast-tracked Service delivery and Self-service solutions, as such we treat your Personal Data as private and confidential.

This Privacy Policy describes what Personal Data we collect, what we do with it and how we protect it.

Our Corporate office is at 114, Adeola Odeku Street Victoria Island, Lagos. We majorly act as the Data Controller when processing your Personal Data, and occasionally, we act as Data Processors. Our designated Data Protection Officer can be reached on his email dpo@providusbank.com

This policy (together with our Terms and Conditions) describe how we handle your personal data. By continuing to visit our website (www.providusbank.com) you accept and consent to the practices described in this policy

What we do

At ProvidusBank we collect and process your Personal Data in accordance with this privacy notice (including our Terms and Conditions) and in compliance with the relevant data protection regulations and laws. This notice provides you with the necessary information regarding your rights and our obligations and explains how, why, and when we process your personal data.

Individuals to whom this Privacy Policy is addressed.

This privacy policy is addressed to:

• Recruitment Candidates
• Customers
• Vendors
• Website Visitors
• ATM Users
• Visitors
• CCTV Surveillance Subjects
• Recipients of electronic or other communications which contain or refer to this Privacy Policy

Information that we collect and how it is used.

We process your Personal Data to provide our products and services. We collect only necessary personal data and process it as specified in this Policy. We take your Data Privacy seriously and will not disclose, share, or sell your data without your consent, unless required by law. You can withdraw your consent for promotional offers and marketing at any time.

GENERAL

Data Subjects	Personal Data Processed	Business/Commercial Purpose for Processing	Lawful Basis for Processing
Recruitment Candidates	Name, address, phone number, email, passport photograph, CV/ resume, academic qualifications and certifications, employment history, and medical information.	To conduct recruitment exercises to identify qualified candidates to fill job openings (i.e., communicating with applicants during the recruitment process and making decisions on their suitability for roles applied). To ascertain the health status and fitness of prospective candidates for employment.	Consent Legal Obligation
Customers	Name, BVN, address, email, phone number, passport photograph, date of birth, card preferences, employment details, next of kin details, voice, card details, mobile device information including access to mobile camera, gallery & phone book.	To provide our tailored products and services. To provide support services when you call our business concierge number. To fulfill our KYC obligations prior to you opening an account with us. Electronic marketing communications via any means (including via email, telephone). To issue debit/credit cards and to facilitate payment processing. To conduct customer surveys.	Necessary step before entering a contract or for the performance of a contract. Legal obligation. Consent Consent Consent Consent
Vendors	Name, phone number, email address	To establish communication and ensure the delivery of contracted goods and services.	Necessary step before entering a contract or for the performance of a contract.
Website Visitors	Name, number, email, location. Unique ID, IP address, browser information.	To address requests contained within the forms. To generate statistics on website usage. To improve and customize your experience on our website.	Consent
ATM Users	Image snapshots	To verify that the person using the ATM card is indeed the authorized user. To assist our investigation when a transaction dispute happens.	Legal obligation
Visitors	Name, photograph, signature.	To properly manage visitor access and issue visitor tags.	Legitimate Interest
CCTV	Physical appearance of individuals captured on video footage	This monitoring is conducted in the public interest to ensure a secure environment.	Legitimate Interest

Please note that the personal data elements we have identified in the table above is not an exhaustive list.

We collect Information in the below listed Ways

• Online forms, Website, Hard Copy Forms, Email, Employment CV's, Mobile camera etc.

Retention of Information

ProvidusBank only retains personal data for as long as necessary under applicable regulations. The length of time your personal data is stored depends on the purpose of data processing, with the data being retained only as long as reasonably required by law or best practice

Children's Privacy

Our website or application is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete it.

Your Rights

You have the right to access any Personal Data that we process about you and to request information about:

• What personal data we hold about you
• The purposes of the processing
• The categories of personal data concerned
• The recipients of your personal data or who it will be disclosed to
• How long we intend to store your personal data for
• If we did not collect the data directly from you, information about the source.

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

In some circumstances, you also have a right to request a portable extract of your personal data, which will allow you to reuse your personal data for your own purposes. You also have a right to lodge a complaint to the data protection supervisory authority (Data Protection Commission for Nigeria) in your country.

You also have the right to request the erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to certain processing operations we conduct; and not to be subject to any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request. This is to ensure that your data is protected and kept secure.

Sharing and Disclosing Your Personal Data

We do not share or disclose any of your Personal Data without your consent, other than for the purposes specified in this notice or where there is a legal requirement. We use [a third-party/third-parties] to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Law enforcement

Under certain circumstances, we may be required to disclose Your Personal Data if required to do so by Law or in response to valid requests by public authorities (e.g. a court or a government agency).

Third-Party Services

We may use third-party services on our website or applications. These services may collect, and process personal information on our behalf. We ensure that these third-party services are reputable and comply with applicable data protection laws.

• External Auditors
• Credit Agencies.
• Correspondent banks.

Protecting and Safeguarding Your Information

We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure, or destruction and have implemented security controls at several layers of our IT infrastructure, including but not limited to network security, encryption, restricted access, firewalls, anti-virus/malware, and other forms of security to ensure that your data is protected.
We require all parties, including our staff and third parties processing data on our behalf, to comply with relevant policies and guidelines to ensure the confidentiality and protection of information in use, during storage, and during transmission. Our security controls and processes are regularly updated to meet and exceed industry standards.

Transfers Outside Nigeria

ProvidusBank puts in place safeguards to ensure that the recipient adequately protects the personal data. With respect to the transfer of personal data from Nigeria to outside the country, ProvidusBank Limited will not transfer, or permit your personal data to be transferred to another country unless the recipient country is subject to a law, binding corporate rules, contractual clauses, code of conduct, or certification mechanism that affords an adequate level of protection with respect to the personal data in accordance with the Nigeria Data Protection Act. Where permitted, and as applicable, we will rely on the individual’s consent.

For more information about specific transfer mechanisms, including information on existing safeguards implemented by ProvidusBank Limited, please contact us at dpo@providusbank.com.

Legitimate Interests

As noted in the 'How We Use Your Personal Data' section of this notice, we occasionally process your Personal Data under the legitimate interests' legal basis. Where this is the case, we have carried out a thorough Legitimate Interests' Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests, ensuring that they are proportionate and appropriate.

Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.

Sensitive Data

Owing to our Legal/Regulatory obligations, ProvidusBank sometimes needs to process sensitive Personal Data (known as sensitive data) about you, to [uniquely identify/ distinguish you and sometimes for regulatory reasons]. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and identify a compliant legal basis for doing so.
Where we rely on your consent for processing sensitive data, we will obtain your explicit consent through [a signature/explicit mechanism]. You can modify or withdraw consent at any time, which we will act on immediately unless there is a legitimate or legal reason for not doing so.

Links to Other Websites

Our website does not contain links to other sites that are not operated by us. If however in future we add third party sites to our website so that when you click on a third party link, You will be directed to that third party's site, We strongly advise You to review the Privacy Policy of every site You visit
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page
We will let You know via email and/or a prominent notice on our service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, you can contact us:

1. By email: businessconcierge@providusbank.com
2. dpo@providusbank.com
3. By Address: 114, Adeola Odeku Street Victoria Island, Lagos