SnapPurse Privacy Policy

This Privacy Policy (“Policy”) has been put together to explain to you how we collect, use, store, share, transfer and otherwise process the personal information that you provide to us or that we collect when you use SnapPurse, the Quick Response payment solution developed by Sterling Bank Plc (“Platform” or “Solution”).

Throughout this document, “we”, “us”, “our”, “SnapPurse” and/or “ours” refer to Sterling Bank Plc (“Sterling” or “the Bank”) incorporated under the laws of the Federal Republic of Nigeria with its registered office at Sterling Towers, 20 Marina, Lagos. The reference to “you” or “your” means you, any authorised person that uses your account, and anyone who initiates, conducts or concludes a transaction using your SnapPurse account.

This Policy applies to your use of the Platform on the web and mobile application. By visiting, accessing or using the Platform, you acknowledge that your personal data will be processed in accordance with this Policy and applicable law. Where consent is required by law for any specific processing activity, we will obtain such consent separately.

The information we collect about you

We gather information from you for a number of reasons. We may need you to provide your Personal Information/Data such as your name, contact details, identification, work and residential addresses, gender, positions held, forms submitted, Bank Verification Number (BVN), payment details and other enquiry details which would enhance your service experience on the Platform. Your Personal Data that we collect falls into various categories, such as:

  1. Details about your banking activities and transactions with us.

    This includes information on any bank accounts you use, debit card numbers, financial history, information you provide to deliver payment initiation services and account information services regarding accounts you hold with other providers.

  2. Information on how you use your device/Usage Data.

    We may also collect information that your browser sends whenever you visit our website or banking applications or when you access the Platform or any of our services by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Platform that you visit, the time and date of your visit and the time spent on those pages, amongst other diagnostic data. When you access the Service by or through a mobile device or use the mobile app, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

  3. Sensitive data

    We may hold sensitive personal data about you, including, where applicable and lawful, biometric information used to uniquely identify you, such as your fingerprint, facial recognition or voice recording, and other sensitive personal data processed in connection with the products or services we provide to you. We will only process such data where permitted by applicable law, including where processing is necessary for the establishment, exercise or defence of legal claims, for reasons of substantial public interest, to comply with a legal obligation, to protect your vital interests, or with your explicit consent where required.

  4. Information which you have consented to us using

    We may collect information about your marketing preferences to help us share with you information about relevant services, products and offers that may be of interest to you.

  5. Tracking and Cookies Data

    We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyse our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You can also refuse permissions to read your phone data by the mobile application. However, if you do not accept cookies on your browser or allow permissions on your mobile device, our online service experience may be degraded and you may not be able to use some portions of our Service. We may also collect information about your internet browser settings and Internet Protocol (IP) address and other relevant information to help us identify your geographic location when providing you with our services.

  6. Other Information

    We may also process specific categories of information for specific and limited purposes, such as detecting and preventing financial crime or making our services available to customers. We will only process such information where we have obtained your consent where required or are otherwise lawfully permitted to do so.

Examples of Cookies we use:

  • Session Cookies:

    We use Session Cookies to operate our Service. Session cookies will expire at the end of your browser session and allow us to link your actions during that browser session.

  • Preference Cookies:

    We use Preference Cookies to remember your preferences and actions, across multiple sites.

  • Security Cookies:

    We use Security Cookies for security purposes.

How we use your personal Information

To the extent permissible under applicable law, we may use your information for the following legitimate actions. Depending on the purpose, we process your personal data on the basis of your consent, performance of a contract with you, compliance with a legal obligation, protection of your vital interests, performance of a task carried out in the public interest, or our legitimate interests where such interests do not override your fundamental rights and freedoms.

  • Determine your eligibility for our other products and services.
  • Verify your identity when you access your account information.
  • Administer your accounts or other products and services that we or our partners/affiliates may provide to you.
  • Respond to your requests and communicate with you.
  • Understand your financial needs.
  • Prevent crime, fraud, money laundering, or terrorism financing activities.
  • Manage our risks.
  • Market the products and services of Sterling, related entities, and affiliates, where permitted by law.
    • We may send you marketing and promotional messages by post, email, telephone, text, secure messaging, or mobile app.
    • You may change your preferences for receiving marketing messages, withdraw your consent where consent is the basis, or object to direct marketing at any time.
    • We will continue to send important information regarding your dealings with us.
  • Process transactions, design products, and improve our services.
  • Notify you about changes to our Services.
  • Allow you to participate in interactive features of our services when you choose to do so.
  • Provide customer care and support, including internal operations like troubleshooting, data analysis, testing, security, fraud-detection, and account management.
  • Process your information for audit, statistical, or research purposes:
    • Help us understand trends in customer behaviour.
    • Better understand risks and curate products and services suitable to our customers’ needs.
  • Monitor our conversation with you when we speak on the telephone:
    • Check your instructions to us.
    • Analyze, assess, and improve customer service.
    • For training and quality assurance purposes.
    • For verification, fraud analysis, and prevention purposes.
  • Carry out analysis to evaluate and improve our business.
  • Monitor the usage of our Services.
  • Detect, prevent, and address technical issues.
  • Prevent fraud and enhance the security of your account or our service platform.
  • Comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual obligations, and our policies.
  • Provide you with tailored content and marketing messages, such as recommending products or services you may be interested in, where permitted by law.
  • Fulfill other purposes required by law or regulation.

How do we share your information?

We may share information about you and your dealings with us, to the extent permitted by law, with the following categories of recipients:

  • Sterling Bank’s related, affiliate, or subsidiary companies, where necessary for lawful business, operational, compliance, risk management, service delivery or administrative purposes.
  • Legal/Regulatory Authorities:
    • It may be necessary by law, legal process, litigation, and/or requests from public and governmental authorities for us to disclose your personal information.
    • We may also disclose information about you if we determine that for purposes of national security, law enforcement, regulatory compliance, or other issues of public importance, disclosure is necessary or appropriate.
  • Professional Advisers: Auditors and Legal Advisers.
  • Correspondent Banks.
  • External Auditors.
  • Strategic partners and service providers for the purpose of providing our services to you:
    • Your personal information will not be shared with third parties for their own independent marketing purposes without your consent, except as otherwise permitted by law.
    • Such third parties are required to process personal data only on our documented instructions and in accordance with appropriate confidentiality and security obligations.
  • Other persons or entities where we have your consent to share the information.

We may also disclose your Personal Information in the good faith belief that such action is necessary in any of the following circumstances:

  • To comply with a legal obligation.
  • To bring you improved service across our array of products and services, when permissible under relevant laws and regulations, by disclosing your personal information with Sterling Bank’s affiliated websites and businesses.
  • To protect and defend the rights or property of Sterling Bank.
  • To prevent or investigate possible wrongdoing in connection with our Service.
  • To protect the personal safety of users of our Service or the public.
  • To protect against legal liability.
  • In the event of a reorganization, merger, acquisition, restructuring or sale, we may transfer personal information we collect to the relevant third party, subject to applicable law.
  • Where we find that your actions on our websites or banking applications violate any part of our Privacy Policy or applicable terms.
  • We may provide information to trusted third parties who assist us in conducting our business:
    • We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

Where your personal data is transferred outside Nigeria, we will ensure that such transfer is carried out in accordance with applicable law and subject to appropriate safeguards or other lawful transfer mechanisms.

How we secure your Information

We have implemented appropriate organizational and technical measures to keep your Personal Information/Data confidential and secure. This includes the use of encryption, access controls and other forms of security to ensure that your data is protected. We require all parties including our staff and third parties processing data on our behalf to comply with relevant policies and guidelines. Where you have a password which grants you access to specific areas on our site or to any of our services, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g. token generated codes) with anyone.

Although we have taken measures to secure and keep your information confidential, because the security of your data is important to us, please be aware that no method of transmission over the Internet, or method of electronic storage can guarantee 100% security at all times. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You are responsible for securing and maintaining the privacy of your password and account/profile registration information and verifying that the Personal Data we maintain about you is valid, accurate and up to date. If we receive instructions using your account login information, we will consider that you have authorised the instructions and process your instruction accordingly and without incurring any liability for doing so.

Where required by applicable law, we will notify the relevant regulator and affected data subjects of personal data breaches within the time and in the manner prescribed by law.

How long we keep your information.

We retain your Information for as long as the purpose for which the information was collected continues and for such additional period as may be required to comply with applicable legal, regulatory, tax, accounting, internal compliance, dispute resolution, enforcement, audit or reporting obligations.

The applicable retention period will depend on the nature of the data, the product or service involved, and the legal or regulatory obligations that apply to us.

Please note that regulations may require Sterling to retain your personal data for a specified period even after the end of your banking relationship with us.

Your Rights

You have certain rights in relation to the personal data we collect as provided by the Nigeria Data Protection Act 2023 and other applicable laws, subject to applicable limitations and exceptions. These rights may include:

  • A right to request information about and access to your personal data.
  • A right to request correction, rectification or update of your information in our possession.
  • A right to request the erasure of personal data in appropriate circumstances.
  • A right to withdraw your consent to processing of personal data where consent is the lawful basis:
    • This will not affect the lawfulness of processing carried out prior to any such withdrawal.
  • A right to object to processing of personal data in certain circumstances, including direct marketing.
    • This will only be applicable where there are no overriding lawful grounds or other legal or operational reasons authorizing us to continue to process your data.
  • A right to request restriction of processing in appropriate circumstances.
  • A right to request that your personal data be made available to you in a structured, commonly used electronic format and, where technically feasible, request that such data be sent to a third party.
  • A right, where applicable, not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects on you, except as permitted by law.
  • A right to lodge a complaint with the Nigeria Data Protection Commission.

These rights are subject to certain limitations as provided by applicable law. To exercise any of your rights, please contact us using the details provided in the “How to Contact Us” section below.

Privacy of minors

We do not knowingly collect names, email addresses, or any other personally identifiable information from children through the internet or on the Platform except as permitted by applicable law. We do not allow children under the age legally permitted to consent under applicable law to open accounts or use services without the consent of a parent or legal guardian where such consent is required. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without the required consent or verification, please promptly contact us.

Third Party Websites

Our website, related websites and mobile applications may have links to or from other websites that are not operated by us. We have no control over and assume no responsibility for the security, privacy practices or content of third party websites or services. We recommend that you always read the privacy and security statements on these websites.

Service Providers

We may employ third party companies and individuals to facilitate our services on the SnapPurse Platform (web or mobile), to provide the service on our behalf, to perform specific service-related roles, or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose outside of the service-specific need for which the data is required, except as required by law.

Changes to this Policy

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on our website or otherwise communicated as required by law.

Based on the changing nature of privacy laws, user needs and our business, we may modify this Privacy Policy from time to time. Any change to our Privacy Policy will be communicated on our website, via email or by placing a notice on our Platform and this will be effective as soon as published or otherwise stated. Accordingly, we encourage periodic reviews of this Privacy Policy for awareness of any changes that may have occurred.

CLOSING AND DELETING YOUR ACCOUNT

  • Deactivating or Closing Your SnapPurse Account

    You can deactivate or close your SnapPurse account at any time. If you wish to do so, please visit the profile section on the app and initiate deletion or contact us using the information provided in the “How to Contact Us” section. Additionally, if you decide to stop using the Platform, please ensure you delete the SnapPurse app from your digital smart device.

  • Data Deletion

    Upon request for account closure, you may also request the deletion of your data. This includes personal information and any data associated with your account. Please note that while we will make every effort to delete or anonymise your data where applicable, some information may be retained to comply with legal or regulatory obligations, resolve disputes, detect or prevent fraud, or enforce our agreements.

  • Account Deletion

    Although users can request the deletion of their data, it is important to understand that this action may not delete the actual account created with SnapPurse where we are required to retain account information for regulatory, compliance, legal, audit or operational purposes. If you have any concerns about this, please contact us for further assistance.

How to Contact Us

We are committed to resolving your privacy complaints and concerns as quickly as possible and have procedures in place to help resolve any problems or complaints efficiently. If you have any questions about this Privacy Policy, want to exercise your data protection rights, or wish to make a privacy-related complaint, please contact us at hello@snapcash.ng or call +234 201 700 4271.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission.