Privacy Policy

Privacy Policy for MFN International Consulting Services Limited.

MFN are committed to protecting and respecting your privacy.


Scope of Policy

This privacy policy (Policy) and any additional terms of use applies to your use of:

  1. MFN mobile application software (App) available on our website OR hosted on the Google Play Store (App Site), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device).
  2. Any of the services accessible through our website, the App (Services) or those available on the App Site or other sites of ours or other third-party Sites (Service Sites)

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It is in compliance with the Constitution of the Federal Republic of Nigeria 1999, Nigerian Data Protection Act 2023 (the “Act”), and Nigeria Data Protection Regulation 2019 (the “Regulations”)


Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By downloading the App, you confirm that you have read, understood and accept the terms of this Policy set out hereunder. You also consent to the collection, use, storage, processing and disclosure of your personal information in the manner set out in this Policy.

A. Information we may collect from you

We may collect and process the following data about you.

1) Information you give us about you (Submitted information):

This may include information:

  • provided by filling in forms in the App or on the App Site or Service Sites (together Our Sites);
  • provided by corresponding with us (for example, by e-mail or chat);
  • provided by registering to use the App Site, downloading or registering the App, subscribing to any of our Services (such as applying for a loan), searching for an app or Service, sharing data via the App's social media functions, entering a competition, promotion or survey, and reporting a problem with the App, our Services, our App Site or any of Our Service Sites.

This information may include your name, gender, occupation, Bank Verification Number, National Identification Number, address, e-mail address and phone number, the Device's phone number, SIM card details, age, username, password and other registration information, financial and credit information (including your mobile money account details, bank account details, and bank verification number, where applicable), personal description and photograph (“Personal Data”).

2) Information we collect about you and your device.

When you send email or other communications to us, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.

Each time you visit one of our Sites or use one of our Apps, we may automatically collect the following information:

  • technical information, including the type of mobile device you use, information about the SIM card used by the Device, mobile network information, your Device’s operating system, the type of browser you use, or your Device’s approximate location and time zone setting (Device Information);
  • information stored on your Device, including contacts list, SMS logs and a fixed number of installed apps; and
  • details of your use of any of our Apps or your visits to any of Our Service Sites; including, but not limited to, traffic data, location data, weblogs and other communication data (Log Information).

3) Location information.

We may also use GPS technology OR other location services to determine your current location. You can withdraw your consent to our collection, processing or use of this information at any time by logging out and uninstalling the App from your Device.

4) Information we receive from other sources (Third Party Information).

Due to the nature of the Services which we provide, we are required to work with a number of third parties (including banks, identification verification companies, payment service providers, credit reference agencies, debt recovery companies, financial services providers and mobile network providers) and we may receive information about you from them.

5) Unique application numbers.

When you install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.


B. Tracking and cookies

We may use mobile tracking technologies and/or website cookies to distinguish you from other users of the App, App Site, or Service Sites. This helps us to provide you with a good experience when you use the App or browse any of the Service Sites and also allows us to improve the App and Our Service Sites.


C. Uses made of the information We Collect

  1. The Information we collect from you or from Third Party Partners are used and processed for (a) Contractual Purposes (b) Legal Obligations (c) Legitimate Interests.
    1. Contractual Purposes
      1. providing any of the Services to you including and not limited to determining whether or not to provide a service to you, the applicable terms of such service and the terms and conditions applicable to such service. We are unable to make this determination unless we collect and process data in accordance with our terms and conditions; or
      2. communicating with you regarding requests about our Services or Services provided to you.
    2. Legal Obligations
      1. identification, validation and verification of your identity;
      2. processing of payment and settlement instructions;
      3. managing investment of funds on your behalf;
      4. collection of loans and any amount outstanding from you;
      5. compliance with any risk, regulatory duty or lawful obligation including responding to regulators or supervisors, carrying out anti money laundering investigations, record keeping obligations, etc;
      6. carrying out risk analysis and assessments of our Services, Service Sites and market;
      7. compliance with codes of conducts or best practices; or
      8. troubleshooting issues with our Services and Service Sites;
    3. Legitimate Interest
      1. fraud detection and prevention of other illegal use of our Services and Service Sites;
      2. improving our Services to you and your experience with us;
      3. offering rewards and other incentives to our customers;
      4. collaborating with Third Parties to provide a Service or to improve our services to you;
      5. educate you about Services or any other information that might be useful to you as our customer;
      6. improving our business, processes, policies etc;
      7. improve our data quality;
      8. carry out research, experiments and tests; or
      9. marketing, advertising and sensitization of our Services.
  2. When you use our services on the mobile App, we also collect the following information from your smartphone;
    • Location: An approximate location is used to check your serviceability and to prevent fraud.
    • Contacts: Our system reviews your contacts for fraud prevention. We will never call or message your contacts.
    • SMS: Our system reviews your SMS to understand your financial history and personalize your loan offers.
    • Installed apps: Our system checks for the presence of a fixed number of apps installed on your device to personalize your loan offers.

We access this information through your mobile device operating system when you give consent to your device’s permissions on our App.

We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Policy for as long as it is combined. Save in compliance with an order of the Court, Arbitral Panel, Tribunal, Regulatory Directive or Order or any other legal or regulatory obligation, we do not disclose information about identifiable individuals to other parties, but we may provide them with anonymous aggregate information about our users (for example, we may inform them that 500 men aged under 30 have applied for a loan on any given day).


D. Consent and Access Rights

You hereby consent to the processing of your data by us. We shall obtain your consent for and to individual matters, where any document deals with different matters.

We can process your personal data in the absence of consent where:

  1. processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract or for the provision of any of our products and services;
  2. processing is necessary for compliance with a legal obligation to which you are subject;
  3. processing is necessary in order to protect your vital interests or that of another natural person; and
  4. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official public mandate vested in us.
  5. processing is necessary for the purposes of the legitimate interests pursued by us, or by a third party to whom the data is disclosed in accordance with applicable law.

If we intend to use your data for a purpose which is different from the purpose for which your data was obtained, we will seek your consent prior to the use of your data for that other purpose.

In the event of any arrangement whereby MFN is merged or combined with another entity (ies), sells or transfers all, or a portion of, its business or assets (including in the event of an internal or external restructuring, reorganization, dissolution or liquidation) to third parties, you hereby consent that your personal data held with MFN can be transferred or assigned to third parties who may become the controllers and/or processors of your personal data that was held by MFN prior to such arrangement. MFN shall at all times ensure that you are notified when your personal data is intended to be transferred to third parties in the circumstances outlined in this clause.

No Consent shall be sought, given or accepted in any circumstance that may engender direct or indirect propagation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.

You reserve the right to request the modification or amendment of your personal data in our possession.

In all cases of access or modification/amendment of personal information, we shall request sufficient identification to enable us to confirm that you are the owner of the data sought to be accessed or modified/amended.


E. YOUR RIGHTS

You have certain rights in relation to the way we handle your Personal Data. These include the following rights:

  1. where the legal basis of our processing is consent, to withdraw that consent at any time;
  2. to ask for access to the Personal Data that we hold (see below);
  3. to prevent our use of the Personal Data for direct marketing purposes;
  4. to object to our processing of Personal Data in limited circumstances; and
  5. to ask us to erase Personal Data without delay:
    1. if it is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
    2. if the only legal basis of processing is consent and that consent has been withdrawn and there is no other legal basis on which we can process that Personal Data;
    3. You object to our Processing where the legal basis is the pursuit of a legitimate interest or the public interest and we can show no overriding legitimate grounds or interest; and
    4. if the Processing is unlawful.
  6. to ask us to rectify inaccurate data or to complete incomplete data;
  7. to restrict Processing in specific circumstances e.g. where there is a complaint about accuracy;
  8. to ask us for a copy of the safeguards under which Personal Data is transferred outside of Nigeria;
  9. the right not to be subject to decisions based solely on automated Processing, including profiling, except where necessary for entering into, or performing, a contract, with Us; it is based on your explicit Consent and is subject to safeguards; or is authorised by law and is also subject to safeguards;
  10. to prevent Processing that is likely to cause you damage or or anyone else;
  11. to data portability;
  12. to be notified of a Personal Data Breach which is likely to result in high risk to your rights and freedoms;
  13. to make a complaint to Nigeria Information Technology Development Association or any other regulatory body; and
  14. in limited circumstances, receive or ask for your Personal Data to be transferred to a Third Party (e.g. another company which the customer/client has dealing with) in a structured, commonly used and machine-readable format.

F. Personal Data Protection Principles

When we process your personal data, we are guided by the following principles, which require personal data to be:

  1. processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person.
  2. collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
  4. accurate and where necessary kept up to date.
  5. removed or not kept in a form which permits identification of data subject for longer than is necessary for the purposes for which the personal data is processed.
  6. processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage.

G. Third Party Access

We will only share personal information with other companies or individuals in the following limited circumstances:

  1. We have your consent.
  2. We provide such information to other trusted businesses or persons (such as identity verification companies, credit bureaus, collection agencies, Third Party Processors etc)for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
  3. We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable terms of service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of MFN, its users or the public as required or permitted by law.

MFN is at all times, responsible for the security and appropriate use of that data as long as it remains with MFN.


H. User Responsibility

You are required to familiarize yourself with this policy and to ensure that the information you provide to us is complete, accurate and up to date.


I. Disclosure of your information

Subject to the provisions of paragraph D(a) above, we may disclose some or all of the data we collect from you when you download or use the App.

We may disclose your personal information to third party partners such as banks, payment companies, asset management firms, identity verification companies, credit reference bureaus, debt recovery companies, or any other person (entity) that provides any form of service or information to us for the provision of the Service.

We may disclose your personal information to any member of our group, which means our subsidiaries, affiliates, our holding company and its subsidiaries.

We may disclose your personal information to third parties:

  1. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  2. if MFN International or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets;
  3. if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request; and/or
  4. in order to, enforce our Terms and Conditions and other agreements to which you are a party or that applies to you as a User, to investigate potential breaches; report defaulters to any credit bureau; or for the purpose of publishing statistics relating to the use of the App, in which case all information will be aggregated and made anonymous.

You consent to us disclosing or providing your personal information under any of the circumstances set out in this Paragraph.


J. Where we store/transfer your personal data

The data that we collect from you may be transferred to, and/or stored at, a destination outside your country of origin or residence (as applicable).

By providing your consent to this policy, you also authorise us to transfer your Personal Data provided to us out of Nigeria to other entities within the MFN Group or third parties with the understanding that the data may be used for the purpose stated in our contract or terms of engagement with such entities. We are required to let you know that your Personal Data may be transferred outside Nigeria to the United States of America, Kenya, India, or any other country where a MFN entity is incorporated. (“Foreign Recipients”). By continuing to use our Services or Service Sites, you explicitly consent to the transfer of your Data to any of the Foreign Recipients mentioned above.

We assure you that we will protect your Personal Data in our possession and we confirm that the security measures in place both in Nigeria and the Foreign Recipients are more than adequate to protect your Personal Data. We confirm that we take appropriate physical, management, and technical measures, such as the establishment of the access control system and monitoring system, encryption, anonymisation or pseudonymisation, employee training, to protect your Personal Data against unauthorized access, use, disclosure, modification, damage, loss, or other forms of illegal processing. Our information security policies and procedures are designed in strict accordance with international standards, and are reviewed and updated regularly. We implement and maintain appropriate safeguards to protect Personal Data, taking into account in particular the risks to you, presented by unauthorised or unlawful processing or accidental loss, destruction of, or damage to their personal data. If we collect your Personal Data, you can contact us for a copy of the safeguards which we have put in place to protect your Personal Data and privacy rights in these circumstances.

By submitting your personal data, you also agree to the collection, transfer, storing or processing of your personal data in the manner set out above.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of Our Service Sites, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Our Service Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.


K. Google API Disclosure

MFN's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.


L. Data Security

We implement and maintain appropriate safeguards to protect personal data, taking into account in particular the risks to you, presented by unauthorised or unlawful processing or accidental loss, destruction of, or damage to their personal data.

Safeguarding will include the use of encryption and pseudonymisation where appropriate. It also includes protecting the confidentiality (i.e. that only those who need to know and are authorized to use personal data have access to it), integrity and availability of the personal data. We regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of personal data.

You should be aware, however, that no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures, we cannot guarantee absolute security. MFN, therefore, accepts no liability for any damage or loss, however caused, in connection with transmission over the internet or electronic storage.


M. Links to third party sites

Our Service Sites may contain links to other websites owned and operated by third parties. These links are provided for your information and convenience only and are not an endorsement by MFN of the content of such linked websites or third parties. The information that we collect from you will become available to these websites if you click the link to the websites. These linked websites are neither under our control nor our responsibility. MFN, therefore, makes no warranties or representations, express or implied about the safety of such linked websites, the proprietors or operators of those websites, and the suitability or quality of information contained on them. This Privacy Policy does not apply to these websites, thus, if you decide to access these linked third party websites and/or make use of the information contained on them, you do so entirely at your own risk. MFN accepts no liability for any damage or loss, however caused, in connection with accessing, the use of or reliance on any information, material, products or services contained on or accessed through any such linked website. We advise that you contact those websites directly for information on their privacy policy, security, data collection and distribution policies.


N. Your rights

We will use your data for the purposes of compiling statistics relating to our user base or loan portfolio and any other product or service we provide and may disclose such information to any third party for such purposes, provided that such information will always be anonymous.

Should we wish to use your information for marketing purposes, we will inform you prior to such use. You shall be entitled to prevent such usage by informing us, within 10 days of being informed of the proposed use, that you do not wish to disclose such information. You can also exercise the right at any time by contacting us at [email protected]


O. Access

You have the right to know the nature of your personal data which we have in our possession. We shall attend to your request to access such information and shall provide you with a copy of your personal data which we hold at the time such application is made. You reserve the right to request the modification or amendment of your personal data in our possession. In all cases of access or modification / amendment of personal information, we shall request sufficient identification to enable us to confirm that you are the owner of the data sought to be accessed or modified / amended.


P. Our Data Protection Principles

When we process your personal data, we are guided by the following principles, which require personal data to be:

  1. processed lawfully, fairly, in a transparent manner and with respect for the dignity of the human person.
  2. collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  4. accurate and where necessary kept up to date.
  5. removed or not kept in a form which permits identification of data subject for longer than is necessary for the purposes for which the personal data is processed.
  6. processed in a manner that ensures its security, using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Q. Violation of Privacy Policy

We have put in place procedures to deal with any suspected personal data breach and will notify you of any personal data breach and let you know the steps we have taken to remedy the breach and the security measures we have applied to render your personal data unintelligible.

All suspected breach of personal data will be remedied within 1 (one) month from the date of the report of the breach.

If you know or suspect that a personal data breach has occurred, you should immediately contact the MFN team at [email protected].

MFN will not be responsible for any personal data breach which occurs as a result of:

  1. an event which is beyond the control of MFN;
  2. an act or threats of terrorism;
  3. an act of God (such as, but not limited to fires, explosions, earthquakes, drought, tidal waves and floods) which compromises MFN’s data protection measures;
  4. war, hostilities (whether war be declared or not), invasion, act of foreign enemies, mobilization, requisition, or embargo;
  5. rebellion, revolution, insurrection, or military or usurped power, or civil war which compromises MFN’s data protection measures;
  6. the transfer of your personal data to a third party on your instructions; and
  7. the use of your personal data by a third party designated by you.

R. Data Retention

MFN shall retain and use your Data only as long as is necessary to implement, administer and manage your request and contract with MFN, or as required to comply with legal or regulatory obligations, including under tax and security laws. We may retain your Data for a minimum of 6 years (or such longer period as may be necessary) even after we have received a request for deletion from you in order to comply with our regulatory obligations. We will retain your Data if there is an outstanding obligation or duty from you.

Notwithstanding, a request for erasure will automatically be denied in whole or in part, where it would adversely affect a constitutionally guaranteed right, contradict a legal obligation, act against the public interest in the area of public health, act against the public interest in the area of scientific or historical research, or prohibit the establishment of a legal defense or exercise of other legal claims by MFN or any legitimate third party. Where a request for erasure is denied, MFN will provide to you the specific reason for denying the request as soon as possible but no later than one month after receiving the request for erasure.


S. Changes to privacy policy

Any changes we may make to this Policy in the future will be posted on this page and, where appropriate, notified to you when you next start the App or log onto one of the Service Sites. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the App or the Services. In any event, by continuing to use the App or any Services after the posting of any changes, you confirm your continuing acceptance of this Policy together with such changes, and your consent to the terms set out therein.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [email protected]