Privacy Policy
1. Introduction/Scope
This document is prepared in accordance with the provisions of the Nigeria Data Protection Act 2023 (NDPA). It sets out how Payment Island Services Limited applies and complies with the data privacy principles in processing the personal data of customers, staff, vendors, visitors, and even third parties that interact with Payment Island Services Limited.
For personal data of individuals, this document also highlights their rights and covers the data subject(s) whose personal data is collected and processed, in compliance with the NDPA.
This privacy policy describes why and how we collect and use personal information about our customers, clients, vendors, and visitors (data subjects). It also highlights with whom we might share Personal Information and how long we keep such information. It also makes data subjects aware of their rights under the Nigeria Data Protection Act 2023.
2. Roles/Responsibilities
Payment Island Services Limited Data Protection Officer (DPO) is responsible for ensuring that this document is correct and up-to-date. The DPO also ensures that data subjects are duly notified prior to the collection and processing of their personal data by Payment Island Services Limited including data collected via Payment Island Services Limited’s website. All Payment Island Services Limited employees/staff who interact with personal data must also ensure to follow the provisions in this policy document.
3. Policy Statement
Payment Island Services Limited is committed to protecting the privacy and security of data subjects’ personal data. We are responsible for determining how we hold and use personal information about our data subjects. According to the Nigeria Data Protection Act (NDPA), Payment Island Services Limited is required to notify data subjects of the information contained in this document.
3.1 About Payment Island Services Limited
Payment Island Services Limited is incorporated under the laws of the Federal Republic of Nigeria, with our registered office at NO: 45B, JABI, ANGUWAN RIMI, KADUNA STATE, NIGERIA. We provide adapted financial services to Micro, Small and Medium-sized Enterprises (MSMEs) and individuals in Nigeria. Payment Island Services Limited is a reputable technology-driven financial institution that is recognized for innovation, superior performance, and creation of premium value for all stakeholders.
3.2 What Personal Data Do We Need?
The personal data we would collect and process, depending on the particular processing requirement, are under the following categories:
Data Type
- Identity Data: Full Name, maiden name, marital status, title, NIN, date of birth, gender, address and employment history, and citizenship.
- Contact Data: Address, Email Address and Telephone Numbers
- Information received during your contact: face-to-face meetings, phone calls, emails, letters, and SMS
- Financial Data: Bank account information and bank statements, Bank verification Number (BVN), your income and outgoings, your financial position, status, and credit history, debit or credit card information and account number.
- Transaction Data: Information regarding the products and services you may have benefited from by using Payment Island Services Limited and any of its subsidiaries, transactional information including in respect of products which you purchase. Location data of transactions where you may use your debit card
- Technical Data: Internet protocol (IP) address, your login data, details of your browser and operating system, time zone setting and location, browser plug-in types and versions, platforms and other technology on the devices you use to access this website
- Profile Data: includes your username and password
- Job Application Data: data submitted throughout the recruitment process eg: name, email address. Any personal information you provide to Payment Island Services Limited as part of the recruitment process.
- Usage Data: includes information about how you use our website, products and services
- Marketing and Communications Data: Information about your communications with us. Your preferences in receiving marketing e-mails from us and consents you have given us
Where the personal data we need to collect may fall under a special category of sensitive personal data, Payment Island Services Limited lawful basis of processing will be the explicit consent of the individual, or where applicable, compliance with a legal obligation, or for legal proceedings/advice.
4. Why We Need the Data
Payment Island Services Limited ensures that the personal data collected and processed is necessary for the purpose of collection, and shall not collect or process more data than is reasonably required for a particular processing activity.
5. Legal Grounds for Processing
Payment Island Services Limited identifies, establishes, defines, and documents the specific purpose of processing and the legal basis for processing personal data (including any special categories of personal data processed) before any processing operation takes place under:
- Consent obtained from the data subject;
- Performance of a contract where the data subject is a party;
- Legal obligation that Payment Island Services Limited is required to meet;
- Protect the vital interests of the data subject, including the protection of rights and freedom of the Data Subject
- Official authority of Payment Island Services Limited or to carry out the processing that is in the public interest;
- National law such as biometric data.
In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the data subjects, as listed below:
Purpose of Processing | Lawful Basis of Processing
- Account creation, identity verification and maintenance of records | Contract
- Vendor validation/information processing | Contract
- Employment Contract
6. Processing of Personal Data Based on Consent
Where applicable, Payment Island Services Limited will require the explicit consent of customers, visitors, and other relevant stakeholders to process collected personal data.
Visitors to Payment Island Services Limited website are expected to read and understand the website privacy notice, and then agreeing to the website’s terms of use.
Data subjects by consenting to the privacy policy gives Payment Island Services Limited the permission to use/process their personal data specifically for the purpose identified before collection.
On this ground, if any data subject (customer, client, visitor, vendor, staff, or third party) does not agree to Payment Island Services Limited collecting and processing their personal data, such individual is not allowed to enjoy Payment Island Services Limited service(s) where applicable.
If, for any reason, Payment Island Services Limited is requesting sensitive personal data from its stakeholders (external and internal), the individuals will be rightly notified why and how the information will be used.
Where processing relates to a child under 18 years old, as in the case of NDPA Payment Island Services Limited shall demonstrate that consent has been provided by the person who holds parental responsibility over the child. Payment Island Services Limited shall demonstrate that reasonable efforts have been made to verify the age of the child and establish the authenticity of the parental responsibility taking into consideration available technology.
6.1 Withdrawal of Consent
Irrespective of initial consent given, an individual can withdraw their consent at any time by making a withdrawal of consent request.
Payment Island Services Limited demonstrates the data subject (customer, client, visitor, vendor, staff, or third-party) has withdrawn consent to the processing of his or her personal data with a written instruction from the data subject.
For child consent, Payment Island Services Limited shall demonstrate that the holder of parental responsibility over the specified child has withdrawn consent via a written instruction from the parent. Payment Island Services Limited will also demonstrate that reasonable efforts have been made to establish the authenticity of the parental responsibility, when withdrawing consent for the specified child, considering available technology.
Where applicable, the Data Protection Officer will inform the relevant process owner of this change, and the processing activities that relied upon the consent is stopped immediately, in accordance with the relevant process.
7. Use of Cookies
The website uses cookies provided by trusted third parties, such as Google Analytics, to help us understand and improve users experience on the website.
Payment Island Services Limited may use the information we obtain from your use of our cookies to:
- Recognize your computer when you visit our website,
- Track you as you navigate our website,
- Improve the website’s usability (including our Live Chat application to answer questions you have in real time,
- Analyze the use of our website - such as how many people visit us each day, and
- Manage the website
Users can disable cookies and prevent the setting of cookies by adjusting the settings on their browser. However, this is not recommended, as disabling cookies may also disable certain functionality and features of the site.
8. Disclosure to Third-Parties
Asides situations where Payment Island Services Limited may be required to disclose personal data of individuals in accordance to a legal obligation in response to requests by government authorities or law courts on matters involving national security or law enforcement requirements, Payment Island Services Limited will not pass on its data subjects’ personal data to third parties without first obtaining consent.
In situations where the processing of personal data will involve investigation of potential violations of Payment Island Services Limited Terms of Service, fraud prevention/mitigation, security issues management, and the preservation of the rights and freedom of staff, customers, and clients, Payment Island Services Limited shall establish an appropriate legal ground for such data transfers.
Payment Island Services Limited has put in place, to the best of its ability and in line with standard global practices, physical, technical, and organisational measures (including secure encryption and anonymisation) to ensure the optimum protection of personal data, which also extends to data transferred or shared with third-parties.
8.1 Cross-Border Transfers
Payment Island Services Limited may also engage third parties abroad (such as other financial institutions, contractors, government-authorised agencies, etc.) that will receive personal data for certain purpose(s) as part of Payment Island Services Limited processing activities and process them on Payment Island Services Limited behalf. Where this is the case, Payment Island Services Limited will enter into a Data Processing Agreement with the third party and also ask for your consent if the purpose of processing was not initially stated on inception and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorised access, use,
alteration, destruction, or disclosure.
For cross-border transfers, Payment Island Services Limited ensures the third-party recipients of such data provide an adequate level of protection, that is comparable to Payment Island Services Limited data protection measures and are regulated in accordance with the Nigeria Data Protection Act 2023.
8.2 Personal Data Transfers to Countries Outside Nigeria
Where personal data must be transferred to a country outside Nigeria, Payment Island Services Limited is committed to ensuring the adequate protection of the rights and freedoms of data subjects, and will ensure this transfer is in accordance with the Nigeria Data Protection Act (NDPA). Hence, before such transfer of personal data takes place, Payment Island Services Limited will confirm that the recipient (whether within or outside Payment Island Services Limited) is an entity regulated under the NDPA and meets the required standard of data protection principles, including but not limited to Payment Island Services Limited information security policy and the requirements of the NDPA. This will also be done in compliance with a signed Data Processing Agreement (DPA) or other relevant means of lawful data transfer (such as binding corporate rules, BCRs).
9. Data Retention/Destruction
Payment Island Services Limited will not keep personal data longer than is necessary for the purpose for which it was collected, in line with Payment Island Services Limited data retention policy and NDPA. When the purpose for which the personal data was obtained has expired, and there is no need to use the data for any legal, regulatory, or business purpose, Payment Island Services Limited shall take reasonable steps to securely destroy the personal data or convert it to a form that cannot be identified in line with the industry best practice (secure encryption or anonymization).
10. Right to Access Personal Data (Data Subject Rights)
The NDPA defines Data Subject Rights, which include the right to access, correct, and erase personal data held by Payment Island Services Limited. It also includes rights related to data portability, restriction of processing, and objection to processing. Data subjects also have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
10.1 Data Subject Access Request (DSAR)
Payment Island Services Limited is required to take appropriate measures to provide any requested information in an understandable and easily accessible format, using clear and plain language, especially when addressing information to children. If a data subject wishes to make a data access request, this request will be directed to the DPO or appropriate personnel who will ensure that the request is fulfilled.
To assist us in responding to your request as quickly as possible, we ask you to provide the following information:
- Full name and contact information
- Proof of identity (such as a copy of your passport, driver’s license, etc.)
- Details of the personal data you are requesting, including any relevant dates, times, or other information that will assist us in locating the data
10.2 Data Portability Request
Under the NDPA, a data subject has the right to receive the personal data concerning them, which they have provided to Payment Island Services Limited, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
10.3 Right to Object/Restrict Processing
Under the NDPA, a data subject has the right to object to the processing of their personal data at any time on grounds relating to their particular situation unless the data controller demonstrates compelling legitimate grounds for the processing, which overrides the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
11. Information Security
Payment Island Services Limited has implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed. These measures include, but are not limited to, the encryption of data and ensuring the physical security of our facilities.
12. Breach Notification
In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, Payment Island Services Limited will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the data breach is likely to result in a high risk to the rights and freedoms of individuals, Payment Island Services Limited will also notify the affected individuals without undue delay.
13. Changes to This Privacy Policy
We may update this privacy policy from time to time in response to changing legal, technical, or business developments. When we update our privacy policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material privacy policy changes if and where this is required by applicable data protection laws.
Contact Us
If you have any questions or concerns about this privacy policy or our privacy practices, please contact our Data Protection Officer at:
- Email: dpo@payislands.com
- Phone: 09016161605
- Address: Payment Island Services Limited, NO: 45B, JABI, ANGUWAN RIMI, KADUNA STATE, NIGERIA.