Privacy Policy
Introduction
Chase Microfinance Bank Limited (“Chase MFB”, “the Bank”, “we”, “us” or “our”) is committed to protecting the
privacy and confidentiality of personal data entrusted to us by our customers, employees, partners, and other
stakeholders. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in
compliance with applicable data protection laws and regulations, including the Nigeria Data Protection Act (NDPA)
2023, Nigeria Data Protection Regulation (NDPR), Central Bank of Nigeria (CBN) guidelines, and other applicable
laws.
By accessing or using our website, digital platforms, products, or services, or by visiting our premises, you
acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of
your personal data as described herein.
Scope of the Policy
This Privacy Policy applies to:
Customers (individual and business)
Prospective customers
Employees and job applicants
Vendors, agents, and service providers
Website and digital platform users
Definition of Personal Data
Personal data refers to any information relating to an identified or identifiable natural person. This includes, but is not
limited to:
Name, address, phone number, and email address
Date of birth and gender
Bank Verification Number (BVN), National Identification Number (NIN), and other identification details
Account, transaction, and loan information
Biometric data (where applicable)
Employment and income information
Images, CCTV recordings, and voice recordings
Lawful Basis for Processing Personal Data
Chase MFB processes personal data based on one or more of the following lawful grounds:
Consent of the data subject
Performance of a contract or steps taken prior to entering into a contract
Compliance with legal and regulatory obligations
Protection of vital interests of the data subject
Performance of a task carried out in the public interest
Legitimate interests of the Bank, provided such interests do not override the rights of the data subject
Categories of Personal Data Collected
We may collect the following categories of personal data:
Identification data
Contact information
Financial and transactional data
Credit and risk-related data
Employment and business information
Digital data (IP address, device information, login credentials)
CCTV and security data
Purpose of Data Collection and Processing
Chase MFB collects and processes personal data for the following purposes:
Opening and managing customer accounts
Providing banking, lending, and financial services
Credit appraisal, risk management, and loan recovery
Compliance with CBN, NDPC, AML/CFT, and other regulatory requirements
Customer communication and service improvement
Fraud prevention, security, and risk monitoring
Staff administration and human resource management
Marketing and product development (subject to consent)
Data Sharing and Disclosure
We may share personal data with:
Regulators and government agencies (CBN, NDPC, law enforcement) as required by law
Credit bureaus and identity verification agencies
Service providers, vendors, and agents acting on our behalf
Professional advisers, auditors, and consultants
Third parties where the data subject has provided explicit consent
All third parties are required to maintain appropriate data protection and confidentiality standards.
Cross-Border Data Transfer
Where personal data is transferred outside Nigeria, Chase MFB ensures that such transfers are carried out in
compliance with applicable data protection laws and with adequate safeguards in place to protect the data.
Data Retention
Personal data shall be retained only for as long as necessary to fulfill the purpose for which it was collected, or as
required by applicable laws and regulations. When data is no longer required, it shall be securely deleted or
anonymized.
Data Security Measures
Chase MFB implements appropriate technical and organizational measures to safeguard personal data against
unauthorized access, loss, misuse, alteration, or destruction. These measures include:
Access controls and authentication
Encryption and secure IT infrastructure
Staff confidentiality obligations
Regular security assessments and audits
Rights of Data Subjects
Data subjects have the right to:
Access their personal data
Request correction or update of inaccurate data
Request deletion or restriction of processing, subject to legal limitations
Withdraw consent at any time
Object to processing for marketing purposes
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
Requests relating to these rights may be made through the Bank’s designated contact channels.
Website, Cookies and Digital Platforms
Chase MFB’s website and digital platforms use cookies and similar technologies to enhance user experience,
analyze website traffic, improve functionality, and support security. Cookies do not capture personal data without
consent. Users may disable cookies through their browser settings; however, doing so may affect website
functionality.
CCTV and Surveillance
For security and safety purposes, Chase MFB operates CCTV surveillance at its branches and facilities. Recorded
footage is used strictly for security, fraud prevention, and regulatory purposes and is retained in line with applicable
laws.
Marketing Communications
The Bank may send customers information about products and services. Customers may opt out of marketing
communications at any time by following the unsubscribe instructions or contacting the Bank.
Data Breach Management
In the event of a personal data breach, Chase MFB shall take prompt steps to contain and assess the breach and
notify relevant regulators and affected data subjects in accordance with applicable data protection laws.
Responsibilities of Employees and Partners
All employees, agents, and third-party service providers are required to comply with this Privacy Policy and
applicable data protection obligations. Breaches may result in disciplinary action or termination of contracts.
Policy Review and Updates
This Privacy Policy shall be reviewed periodically and updated as necessary to reflect changes in laws, regulations,
or the Bank’s operations. Updated versions will be made available to customers through appropriate channels.