NEWEDGE FINANCE LIMITED
Data Protection Policy
NEWEDGE FINANCE LIMITED is a service provider , which service ranges from lending, finance, financial consultancy etc, to achieve its aim of providing excellent and efficient services , we collect information to provide better services to all our clients — from personal informati- on, financial information and guarantor information etc the extent to which these information are used, depends on how you use our serv- ices and how must liability you incur with us.
Definitions
Company NEWEDGE FINANCE LIMITED (NFL)
NITDA means the National Information Technology Development Agency
Responsible Person General Manager/Data Controller (Hong Jiang- 39 Ogunnusi road, Ogba, Lagos Nigeria)
Personal Data/Information May be used interchangeably, this refers to full name, phone number, photo, date of birth, address, email address, next of kin information, phone contact details (for verifying identity) nationality, location of any individual requesting for our services
Effective Date 24th June, 2019
Data Subject Any individual who requests for our services and who provides any form of information to NFL
Data Processing the collection and manipulation of items of data to produce meaningful information
Consent Your provision of personal/financial information to us for accessing our services signifies your acceptance of the terms of use of your data for every lawful purpose in order to provide you our services or to achieve any recovery effort , if you default on the terms of your laon or any other service which we have provided to you
Data Security Encryption
Data Domiciliation NEWEDGE Database
Data Storage (Back-up and disaster recovery solutions) Data stored in multiple zones, multiple backups, master-slave switching
Database Management System means software that allows a computer to create a database, add, change or delete data in the database; allows data in the database to be processed, sorted or retrieved;
Archiving Policy Data storage and archiving is done using Amazon Web Service (AWS)
1. Data protection principles
NFL is committed to processing data in accordance with its responsibilities under the National Information Technology Development Agency (NITDA act) of 2007.

(1)In addition to the procedures laid down in this Regulation or any other instrument for the time being in force, your personal data shall be:

a)collected and processed in accordance with specific, legitimate and lawful purpose consented to by you (the Data Subject; provided that:

i.a further processing may be done only for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; 

ii. we would not proceed with further data processing without your consent under the provision of this paragraph (b) and we shall not t- ransfer your personal data to any other person without your consent;

b)data processing by NFL shall be adequate, accurate and without prejudice to the dignity of human person;

c)your data shall be stored only for the period  within which it is reasonably needed ( depending on regulatory requirements this is us- ually a period of 5 years after your last business relationship with us  and

d)your data shall secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipula- tions of any kind, damage by rain, fire or exposure to other natural elements.

(2)NFL owes you a  “duty of care”  as to possession, archiving, referencing  your  personal data ;

2. General provisions

a.This policy applies to all personal data processed by NEWEDGE FINANCE LIMITED (NFL).

b.The Responsible Person shall take responsibility for NEWEDGE FINANCE LIMITED’s ongoing compliance with this policy.

c.This policy shall be reviewed at least annually.

d.NEWEDGE FINANCE LIMITED shall ensure compliance and liaise with the Data Protection Ccompliance Organization (DPCOs) under National Information Technology Development Agency as  an organisation that processes personal data for the third party audit if and when the need arises .

3. Lawful, fair and transparent processing

a.To ensure its processing of data is lawful, fair and transparent, NEWEDGE FINANCE LIMITED shall maintain a database Management System.

b.The database management system shall be reviewed at least annually.

c.All data subjects have the right to access their personal data and any such requests made to NEWEDGE FINANCE LIMITED shall be dealt with in a timely manner.

4. Lawful purposes

a.All data processed by NEWEDGE FINANCE LIMITED has been done on the following lawful basis: consent, contract, legal obligation, vital interests, public task or legitimate interests of the General Data Protection,  1999 constitution of the Federal Republic of Nigeria and Section 37 and the National Information Technology Development Agency (NITDA act ) of 2007.

b.NEWEDGE FINANCE LIMITED shall note the appropriate lawful basis in NITDA Act 2007

 

c.Where consent is relied upon as a lawful basis for processing data, evidence of opt-in  consent shall be kept with the personal data.

 

d.Where communications are sent to data subjects  based on their consent, the option for the data subjects  to revoke their consent should be clearly available i.e through via a click of a button and NFL must ensure that systems are  in place to ensure such revocation is reflected accurately in it’s systems. 

5. Data minimisation and Purpose

a.NFL shall ensure that personal data received and processed from its Data Subjects are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

b.NFL shall ensure that personal data received and processed from its Data subjects shall be used for the purpose of accessing loans and for direct marketing of company’s products. Employee data shall be used for the purpose of employee relation and Human Resources records only.

6. Accuracy

a.NEWEDGE FINANCE LIMITED shall take reasonable steps to ensure personal data received from data subject  is accurate, this might require requesting further access to devices and other means of verification of data received.

b.Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date-this might require additional requests for specific information from data subject.

7.   Right of Data subject
NFL shall ensure that data subjects are privileged to the following rights

a.The right to be informed about how the data that they provide will be used.  

b.The right of access to their personal data and how it is processed.       

c.The right to rectification if the data held is inaccurate or incomplete

d.The right to erasure - or ‘the right to be forgotten’ – data subject can request that their personal data be deleted 

e.The right to restrict processing - where just enough information about data subject is held but not processed  

f.The right to data portability so data subject can obtain and reuse their personal data for their own purposes across different services   

g.The right to object to processing in the form of profiling for instance, direct marketing and processing for purposes of scientific/ historical research and statistics.

8. Archiving / removal

a.To ensure that personal data is kept for no longer than necessary, NEWEDGE FINANCE LIMITED shall put in place an archiving policy for each area in which personal data is processed and review this process annually.

b.The archiving policy shall consider what data should/must be retained, for how long, and why.

9. Security and Access

a.NEWEDGE FINANCE LIMITED shall ensure that personal data is stored securely using modern software that is kept-up-to-date. 

b.Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.

c.When personal data is deleted this should be done safely such that the data is irrecoverable .

d.Appropriate back-up and disaster recovery solutions shall be in place.

e.Access to data subject shall be in accordance to actual need (see data administration and purpose-6), and shall not be release to unauthorized persons or third party without the necessary approval.

10. Breach
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, NEWEDGE FINANCE LIMITED shall promptly conduct a risk assessment, provide mitigating advice and information to its affected Data Subjects,   and  where appropriate, report this breach to the National Information Technology Development Agency (NITDA).