Prospera Finance Limited Privacy Policy

Introduction

Prospera Finance Limited (“Prospera”, “Prospera Finance”, “we”, “our”, or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, process, store, share, retain, and protect your personal information when you access or use our website, products, services, investment solutions, POS services, agency banking support, digital tools, applications, customer support channels, or when you otherwise communicate with us.

This Privacy Policy is governed by the Nigeria Data Protection Act, 2023, applicable directives and guidance issued by the Nigeria Data Protection Commission, and other relevant data protection, financial services, consumer protection, anti-money laundering, and regulatory requirements applicable in Nigeria. By accessing or using Prospera Finance services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

We may collect personal, business, technical, transactional, and verification information depending on the service you use, your relationship with us, and applicable regulatory or partner requirements.

1.1 Personal Information

We may collect information such as:

• Full name;
• Phone number;
• Email address;
• Residential address;
• Date of birth;
• Gender, where required for verification or compliance purposes;
• Passport photograph;
• Government-issued identification document;
• Bank Verification Number (BVN), National Identification Number (NIN), driver’s licence number, taxpayer identification number, or other identity verification details where applicable;
• Bank account details;
• Signature, forms, or documents submitted during onboarding or service use;
• Any other information you voluntarily provide to us.

1.2 Business Information

For POS agents, merchants, businesses, corporate customers, vendors, or partners, we may collect:

• Business name;
• Business address or operating location;
• Nature of business;
• Business registration details, where applicable;
• Tax identification details, where applicable;
• Director, proprietor, shareholder, or authorised representative information;
• Business contact details;
• Merchant or agent onboarding information;
• Terminal assignment details;
• Transaction history and settlement information;
• Other information required for onboarding, due diligence, risk assessment, compliance, service delivery, or partner processing.

1.3 Technical and Usage Information

When you use our website, digital platforms, forms, applications, or online services, we may collect:

• IP address;
• Browser type;
• Device type and device information;
• Operating system;
• Cookies and usage data;
• Pages visited on our website;
• Date, time, and duration of visits;
• Referral source;
• Interaction with forms, links, and platform features;
• General location information derived from your device or IP address, where applicable.

1.4 Transaction and Financial Information

We may collect information relating to:

• Investments;
• Savings products;
• POS transactions;
• Withdrawals;
• Deposits;
• Transfers;
• Bill payments;
• Settlement records;
• Failed, reversed, or disputed transactions;
• Payment history;
• Fees, commissions, and charges;
• Transaction references and related metadata.

1.5 Sensitive Personal Data

We may collect certain sensitive or regulated personal information, such as BVN, NIN, passport photograph, identity documents, financial information, and transaction records, primarily for:

• Know-Your-Customer verification;
• Anti-money laundering and counter-terrorism financing compliance;
• Fraud prevention;
• Identity verification;
• Regulatory reporting;
• Transaction monitoring;
• Risk management;
• Service delivery through licensed partners.

We will only collect sensitive or regulated information where necessary, lawful, and relevant to the service being provided.

Lawful Basis for Processing Your Information

We process your personal information only where we have a lawful basis to do so.

Depending on the circumstances, we may process your information based on one or more of the following:

• Consent: where you have given us permission to process your information for a specific purpose;
• Contractual necessity: where processing is necessary to provide a product or service you requested, or to take steps before entering into a service relationship with you;
• Legal and regulatory obligation: where we are required to process or retain information under applicable laws, regulations, court orders, compliance obligations, or regulatory directives;
• Legitimate interest: where processing is necessary for fraud prevention, service improvement, customer support, business administration, internal reporting, security, risk management, or protecting our legal and operational interests;
• Public interest or regulatory requirement: where processing is required for compliance with financial crime prevention, law enforcement, regulatory reporting, or other lawful public interest obligations.

How We Use Your Information

We may use your information to:

• Provide, operate, and manage our services;
• Process investment, savings, POS, agency banking, merchant, or customer applications;
• Verify your identity and eligibility;
• Conduct KYC, AML, CFT, sanctions, fraud, and risk checks;
• Process transactions, settlements, payments, withdrawals, reversals, and disputes;
• Communicate with you about your account, application, transaction, or service request;
• Respond to complaints, enquiries, and customer support requests;
• Monitor transactions and service usage for fraud, abuse, suspicious activity, or regulatory compliance;
• Improve our website, products, services, systems, and customer experience;
• Send service updates, policy updates, security alerts, and important notifications;
• Send marketing communications, where permitted;
• Conduct internal analysis, reporting, audits, and business planning;
• Enforce our Terms & Conditions, agreements, and operational guidelines;
• Meet legal, regulatory, tax, accounting, audit, and compliance obligations;
• Protect the rights, property, safety, and interests of Prospera Finance, our users, partners, employees, and the public.

We do not sell your personal information to third parties.

Automated Decision-Making and Profiling

We may use automated or semi-automated processes to support identity verification, fraud detection, transaction monitoring, risk scoring, compliance checks, and service eligibility assessment. Where an automated process results in a significant decision about you, you may request human review or intervention, subject to applicable laws, regulatory requirements, fraud prevention obligations, and service-specific conditions.

Cookies and Tracking Technologies

Our website and digital platforms may use cookies and similar technologies to improve user experience, analyse website traffic, remember user preferences, enhance functionality, and understand how visitors use our services.

Cookies may help us improve website performance, remember preferences, analyse traffic and usage patterns, detect technical issues, support security and fraud prevention, and improve content and service delivery. You may disable cookies through your browser settings. However, some parts of our website or digital services may not function properly if cookies are disabled. Where required, we will request your consent before using non-essential cookies.

How We Share Your Information

We may share your information where necessary, lawful, and relevant to the services we provide.

6.1 Licensed Banking and Financial Partners

We may share your information with licensed banks, financial institutions, payment processors, settlement banks, payment terminal service providers, switches, card processors, and other regulated partners for purposes including account opening, transaction processing, settlement, KYC, AML/CFT compliance, fraud prevention, dispute resolution, regulatory reporting, and service delivery.

Some Prospera Finance services may rely on the infrastructure, systems, platforms, licences, regulatory approvals, or operational frameworks of third-party providers and licensed partners.

6.2 Service Providers and Vendors

We may share information with third-party service providers that support our operations, including cloud hosting, technology vendors, identity verification providers, payment processors, AML and fraud monitoring providers, customer support tools, analytics providers, email/SMS providers, advisers, auditors, consultants, and digital marketing support providers. These providers are expected to process your information only for authorised purposes and to protect it using appropriate security and confidentiality measures.

6.3 Regulatory, Legal, and Government Authorities

We may disclose your information to regulators, law enforcement agencies, courts, government bodies, tax authorities, financial intelligence units, or other lawful authorities where required or permitted by law for compliance, lawful requests, suspicious transaction reporting, legal rights protection, fraud prevention, and regulatory obligations.

6.4 Business Transfers

If Prospera Finance undergoes a merger, restructuring, acquisition, investment, asset transfer, financing arrangement, or similar business transaction, your information may be transferred or disclosed as part of that process, subject to appropriate confidentiality, legal, and data protection safeguards.

Cross-Border Data Transfers

Some of our service providers, technology platforms, hosting providers, communication tools, analytics services, or operational partners may process or store data outside Nigeria. Where your personal information is transferred outside Nigeria, we will take reasonable steps to ensure that such transfers are made in accordance with applicable data protection laws and are protected through appropriate safeguards, contractual obligations, security controls, or lawful transfer mechanisms.

How We Protect Your Information

Prospera Finance takes reasonable administrative, technical, and physical measures to protect your information against unauthorised access, misuse, loss, alteration, disclosure, or destruction.

• Secure servers and access controls;
• Encryption and other appropriate security controls where applicable;
• Restricted staff access based on business need;
• Identity verification procedures;
• Transaction monitoring;
• Staff confidentiality obligations;
• Internal policies and operational controls;
• Secure record handling and retention procedures;
• Periodic review of security practices.

Although we take reasonable steps to protect your information, no physical or digital system can guarantee absolute security. You are also responsible for keeping your login details, devices, account information, and POS terminal access secure.

Data Retention

We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including to provide our services, maintain records, meet legal and regulatory obligations, resolve disputes, prevent fraud, enforce agreements, support investigations, and comply with partner and regulatory requirements.

Financial transaction records, identity verification records, and compliance-related records may typically be retained for a minimum of seven (7) years, or for any longer period required by applicable law, regulation, partner requirement, dispute, investigation, or legitimate business need. When information is no longer required, we will take reasonable steps to securely delete, anonymise, archive, or restrict access to it where appropriate.

Your Data Protection Rights

Subject to applicable laws, verification requirements, and lawful exemptions, you may have the right to:

• Be informed about how your personal information is processed;
• Request access to your personal information;
• Request correction of inaccurate or incomplete information;
• Request deletion of your information where applicable;
• Withdraw consent where processing is based on consent;
• Object to certain forms of processing;
• Request restriction of processing;
• Request data portability where applicable;
• Request clarification about how your information is used;
• Request human review of certain automated decisions;
• Lodge a complaint with the Nigeria Data Protection Commission or another competent authority.

To exercise any of these rights, please contact us using the details provided in this Privacy Policy. We may need to verify your identity before processing your request. We will endeavour to respond to valid requests within thirty (30) days, subject to applicable legal, regulatory, security, or operational requirements. Some requests may not be granted where we are required to retain or process the information for legal, regulatory, contractual, fraud prevention, dispute resolution, AML/CFT, or legitimate business reasons.

Marketing Communications

We may send you updates about our products, services, investment opportunities, educational content, campaigns, offers, or other relevant information.

You may opt out of marketing communications at any time by following the unsubscribe instructions in the message or by contacting us. Even if you opt out of marketing communications, we may still send you important service-related messages, including transaction notifications, security alerts, policy updates, regulatory notices, account information, or other non-marketing communications necessary for service delivery.

Children’s Privacy

Our services are intended for individuals who are at least 18 years old, unless a service is lawfully provided with parental or legal guardian involvement and in compliance with applicable requirements.

We do not knowingly collect personal information from minors unlawfully. If we become aware that we have collected personal information from a minor without appropriate consent or lawful basis, we will take reasonable steps to delete or restrict such information, subject to applicable legal or regulatory obligations.

Third-Party Links and External Platforms

Our website, communications, or digital services may contain links to third-party websites, platforms, or services.

Prospera Finance is not responsible for the privacy practices, content, security, or data handling practices of external websites or third-party platforms. Users are encouraged to review the privacy policies and terms of those third-party platforms before using them.

Data Breach Notification

If we become aware of a data breach or security incident involving your personal information, we will take reasonable steps to investigate, contain, and remediate the incident. Where required by applicable law or regulation, we will notify affected users, relevant regulators, partners, or authorities within the required timeframe and provide appropriate information about the incident and any recommended protective steps.

Complaints and Enquiries

If you have questions, concerns, complaints, or requests relating to this Privacy Policy or how your personal information is handled, please contact us using the details below. We will review your complaint and make reasonable efforts to resolve it in a fair and timely manner. Where you are not satisfied with our response, you may contact the Nigeria Data Protection Commission or any other competent regulatory authority.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services, operations, technology, partner arrangements, legal obligations, regulatory requirements, or business practices. Updated versions will be published on our website with a revised “Last Updated” date.

Continued use of our services after updates are published or communicated means you acknowledge the updated Privacy Policy.