Data Protection Policy

Introduction

At SOROMAN Microfinance Bank (SOROMAN MFB), your privacy is important to us. We are committed to conducting our operations with transparency, responsibility, and a strong emphasis on sustainability. In line with best practices and regulatory requirements, we take proactive measures to safeguard our customers' personal information, ensuring all data is stored securely and in compliance with industry standards.

This Data Protection and Privacy Policy (“Policy”) applies to all platforms and channels through which we operate—including our websites, mobile applications, and in-branch services. It outlines our approach to data protection and how we handle personal information in the course of our operations.

All employees of SOROMAN MFB have a collective responsibility to ensure the confidentiality and integrity of both internal and external data. Compliance with the provisions of this policy is mandatory for all staff.

This document provides clear information on the type of data we collect, the reasons for collecting it, how it is processed and stored, and the rights of data subjects. It also explains the circumstances under which personal data may be shared and the duration for which it may be retained.

We encourage you to read this Policy carefully to understand our practices and commitments regarding the handling of your personal data.

1. Identification Data Includes: Full name, date of birth, maiden name, marital status, passport information, biometric data, driver's license, National Identification Number (NIN), and other official identification details. Purpose: Customer identification and verification, Account setup and management, Regulatory and compliance obligations.

2. Contact Data Includes: Residential address, phone number, and email address. Purpose: Communication and correspondence. Service delivery and support.

3. Financial Data Includes: Bank account details, Bank Verification Number (BVN), bank statements, income and expenditure records, credit history, debit/credit card information to be able to do assessment of financial standing, personalised financial services and advice and account management and monitoring.

4. Transaction Data Includes: Transaction history related to products and services subscribed to, as well as location data associated with debit/credit card usage to be able to record keeping and audit trails and perform transaction analysis and quality assurance.

5. Technical Data: Includes: Internet Protocol (IP) address, login credentials, browser type and version, operating system, time zone, geolocation data, device identifiers, and other technologies used to access our digital platforms to be able to System performance monitoring and diagnostics, conduct Internal reporting and analytics and prevent Cybersecurity and fraud prevention.

6. Profile Data Includes: Username, password, and preferences related to online services to be able to Identity verification for digital channels and have a customized digital experience.

7. Job Application Data Includes: Information submitted during the recruitment process to be able to conduct talent acquisition and recruitment and have internal HR records and documentation.

8. Usage Data Includes: Metrics on the usage of our website, digital platforms, products, and services to be able to performance analytics, User behavior insights and provide service improvement and optimization.

9. Marketing and Communication Data Includes: Records of communications with the Bank such as emails, letters, and telephone conversations to be able to conduct customer service quality control, do communication tracking and documentation.

10. Surveillance Data Includes: CCTV footage captured on our premises or ATMs to be able to provide Security monitoring and incident investigation and be able to protect our assets, staff, and customers.

How Data Is Collected

Data are collected when a user register or log into our website or mobile App, create an account with us, subscribe to a service, fill out, sign or upload any document from the Bank, fill a survey form, request customer service support, make an enquiry, communicate with us via any platform or interact with us on social media. When you use our website or mobile app, our web servers automatically recognize your domain name and IP address.
The domain name and IP address reveals nothing personal about you apart from the IP address from which you have accessed the site. We collect data on your website usage and device information through cookies, server logs, and other similar technologies that helps us understand your browsing habits. You can manage your cookie preferences and decide how we use this data by visiting the cookies settings page on our website We collect also data from external sources like analytics providers, identity verification services, and payment processors. We partner with third-party providers to prevent financial crime and comply with regulations.

Soroman MFB will never disclose, sell, or rent your personal information to third parties, except as outlined in this Policy and our terms of use. We may, however, share general, anonymous data with our trusted partners, technical support and advertisers.

What Constitute Consent?

You consent to Soroman MFB’s use of your personal data when you voluntarily provide them to us by accessing any of our products and services online or in any of our banking outlets. By using our website, mobile application and other services and by providing your personal data, you consent to the collection and use of the information you disclose to us in accordance with this Policy, including your consent for sharing your personal data in line with the terms contained in this Policy.

Obtaining Personal Data Base On Consent

Where applicable, Soroman MFB will require the explicit consent of data subjects before their private data are collected. Visitors to the bank’s website are expected to read and understand the website privacy message prompt and agree to the website’s terms of use. By consenting to the privacy policy, data subjects are giving Soroman MFB the permission to use/process their personal data specifically for the purpose identified before collection. Consent shall be provided by a parent or legal guardian in case of a minor as stated in the NDPA.
Any data subject that does not agree to Soroman MFB collecting and processing their personal data will not be able to enjoy the Bank’s service(s), where applicable. In instances where the Bank needs a sensitive personal data, such data subject will be notified or why the information and needed and its use. A data subject has the right to withdraw their consent at any time by making a withdrawal of consent request

Obtaining Personal Data Base On Consent

We collect your data to give you the best customer service experience. Soroman MFB use your private data for the following purpose:
. To provide specialized products and services to you
. Process transactions and send notifications
. Verify your identity
. Contact you about your account, services and important updates
. Resolve disputes, provide support and troubleshoot issues
. Prevent fraud, mitigate risk and ensure policy compliance
. Personalize your experience on our sites and analytics
. Provide the best customer service and respond to inquiries
. Improve our services based on customer preferences
. Conduct surveys and polls to get feedback from users and customers
. To maintain an accurate record and security

Retention Of Your Data

We don't retain ownership of personal data shared with us. We store it only for as long as reasonably necessary and take measures to protect it from various threats, including theft,cyberattacks, unauthorized access or disclosure, data manipulation and damage. Your personal data will only be retained for as long as it is still required to provide you with a particular service or is necessary for legal reasons. When deciding how long to retain your personal data, we take into account the data's sensitivity, our processing purposes, and relevant legal and regulatory guidelines.

Retention Of Your Data

A data subject’s right is stated in Data Protection Laws. You have the right to:

Be informed about Soroman MFB’s use of your personal data and access your data

Rectify, erase or restrict processing of your personal data

Object to processing of your personal data (note: this may impact our ability to provide services)

Receive your provided data in a structured, machine-readable format (data portability)

Withdraw consent for processing, subject to legal or contractual restrictions

Object to automated decision-making, including profiling

File a complaint with the relevant data protection supervisory authority

Cookies

We use cookies to optimize user experience on our website. We use cookies to manage the sign-up process and manage your browser session while you are logged in. Cookies allow you to enter your password less frequently during a session. Most cookies are ‘session cookies’, hence they are automatically deleted from your hard drive at the end of a session.

You can decline our cookies if your browser allows it, although you may be required to re-enter your password more frequently g a session. A cookie cannot read data off your hard disk or read cookie files created by other sites.

Use of a cookie is in no way linked to any personally identifiable information while on the website. Once you close your browser, the cookie simply terminates. For instance, by setting a cookie on your browser, you will not have to log in a password more than once, thereby saving time.

Contact

If you have questions, requests, or concerns relating to the processing of your personal data by Soroman MFB or need any clarification on this policy, please reach out to us through the details provided below:

Phone Number:+2348037024685/+2348149156671

Email: info@soromanmfb.com
Address: Plot No. S22-11C & 11B, Makama Jahun, Dunjuma Goje Street, Bauchi-Bauchi State, Nigeria.