Privacy Policy

Glossary

• "Consent": means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, whether by a written or oral statement, or a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her or to another individual on whose behalf he has the permission to provide such consent.
• "Database": means a collection of data organized in a manner that allows access, retrieval, deletion and processing of that data; it includes but not limited to structured, unstructured, cached and file system type databases.
• "Processing": Any operation or set of operations which is performed on Personal data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• "Data Controller": means an individual, private entity, public Commission, agency or any other body who, alone or jointly with others, determines the purposes and means of processing of personal data.
• "Data Processor": means a person or organization that processes Personal Data on behalf and on instructions of Plumter Limited.
• "Data Subject": means any person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
• "Third Party": Any natural or legal person, public authority, establishment, or any other body other than the Data Subject, the Data Controller, the Data Administrator, and the persons who are engaged by the Data Controller or the Data Administrator to process Personal Data.
• "NDPA": means the Nigeria Data Protection Act, 2023.
• "NDPR": means the Nigeria Data Protection Regulation, 2019.
• "NDPC": means the Nigeria Data Protection Commission.
• "Personal Data": means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; It can be anything from a name, address, a photo, an email address, bank details, posts on social networking websites, medical information, and other unique identifier such as but not limited to MAC address, IP address, IMEI number, IMSI number, SIM, Personal Identifiable Information (PII) and others.
• "Sensitive Personal Data": means data relating to religious or other beliefs, sexual orientation, health, race, ethnicity, political views, trades union membership, criminal records, genetic and biometric data - for the purpose of uniquely identifying a natural person or any other sensitive personal information prescribed by the NDPC, as sensitive personal data.
• "Personal Data Breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal data transmitted, stored, or otherwise processed.
• "Foreign Country": Other sovereign states, autonomous or semi-autonomous territories within the international community.
• "Data Subject Access Request": The mechanism for an individual to request a copy of their data under a formal process which may include payment of a fee.

Introduction

Raiz Digital Services Limited (Raiz, "Our", "We", or "Us") respect your privacy and are committed to protecting your personal data. You provide us with your personal data, when you use our internet-enabled platforms ("platforms", which include social media channels, website, software, services, applications, products and content). This Privacy Policy is designed to help you understand what information we gather about you, what we use that information for, and with whom we share that information. It also sets out your rights in relation to your information and who you may contact for more information or queries. Please read the following carefully to understand our processes and practices regarding your personal data and how we will treat it. By accessing or using our Services, website, software, services, applications, products and content offered via Raiz (collectively, the "Services"), you agree that you have read and accepted this Privacy Policy and our Terms of Use and consent to the data practices described herein.

Kindly note that this Privacy Policy is strictly restricted to only our services and therefore does not apply to services that are not owned, processed or controlled by Raiz, including third-party websites and the services of other Raiz merchants. These other sites may place their own cookies, plug-ins or other files on your computer, collect data or solicit personal information from you. Raiz does not control these third-party websites and we are not responsible for their privacy statements. Please consult such third parties’ privacy statements. We are committed to handling all personal data provided to us in compliance with applicable data privacy and protection laws.

Information We Collect

Information You Provide Us: To gain full access to our website and services, you must register for a Raiz account. When you register for an account, we collect Personal Information which you voluntarily provide to us. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. email address, bank details, name, telephone number, or other identifiers). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).

The Personal Information we have about you is directly made available to us when you:

• Sign up for a Raiz Account;
• Use any of our products and services;
• Contact us or our customer support team;
• Fill our online forms;

In certain cases, including when you engage in high-value or high-volume transactions, or when we are required to comply with applicable anti-money laundering (AML) regulations, we may request additional information. This may include:

• Copies of bank account statements.
• Other documents required for identity verification or compliance purposes.

We also gather your personal data using cookies, pixel tags, and other advanced tracking technologies to enhance your experience, tailor content, and optimise our services during your interactions with our platform. These tools allow us to understand your preferences, monitor usage patterns, detect and prevent fraudulent activities and strengthen security, ensuring a safer and more personalised user experience.

Personal Information We May Collect About You

• Identity Data & Identification Documents: Information such as, your full name(s), your government-issued identity number, bank verification number (BVN) or NIN and your date of birth. Identification documents may include passport or any Government-issued identity card, a photograph (if applicable) and any other registration information you may provide to prove you are eligible to use our services. This data is to enable us to verify your identity in order to offer our services to you;
• Contact Data: This is data that is needed to reach out to you, such as your contact address, email address, telephone number, details of the device you use and billing details;
• Log/Technical information: When you access Raiz’s services, our servers automatically record information that your browser sends whenever you visit a website, links you have clicked on, length of visit on certain pages, unique device identifier, log-in information, location and other device details.
• Financial Data: Information, such as personal account number, the merchant’s name and location, the date and the total amount of transaction, and other information provided by financial institutions or merchants when we act on their behalf;
• Traceable Information: These are information that can be linked directly or indirectly to you whenever you use or interact with our services. This includes details about your device (e.g., type, OS, unique identifiers), interactions with our services (e.g., features accessed, actions performed, usage duration), financial transactions (e.g., history, payment details, timestamps), and additional data such as location, usage patterns, and session information.
• Transactional Data: These are information relating to payments when you as a merchant (using one or more of our payment processing services) or as a customer, are using our products or services;
• Marketing and Communications Data: This includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.
• Records of your discussions with us, if we contact you and if you contact us.

How We May Use Your Personal Information

• Create and manage any accounts you may have with us, verify your identity, provide our services, and respond to your inquiries;
• To administer Raiz (i.e. to provide our Services to you) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes (i.e. to guarantee Raiz’s stability and security), and to solicit your feedback
• Process your payment transactions (including authorisation, clearing, chargebacks and other related dispute resolution activities);
• Protect against and prevent fraud, unauthorised transactions, claims and other liabilities;
• Provide, administer and communicate with you about products, services, offers, programs and promotions of Raiz, financial institutions, merchants and partners;
• Evaluate and improve our business, including developing new products and services;
• As necessary to establish, exercise and defend legal rights; As may be required by applicable laws and regulations, including for compliance with Know Your Customers and risk assessment, Anti-Money Laundering, anti-corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement or governmental agency having or claiming jurisdiction over Raiz or its affiliates;
• To use data analytics to improve our Website, products or services, and user experiences.
• For other purposes for which we provide specific notice at the time of collection.

How We Share Your Personal Data

We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.

Raiz only shares personal information with External Third parties in the following limited circumstances:

• We have your consent. We require opt-in consent for the sharing of any personal information;
• We share Personal Information with third parties directly authorised by you to receive Personal Information, such as when you authorise a third-party application provider to access your account. The use of your Personal Information by an authorised third party is subject to the third party's privacy policy and Raiz shall bear no liability for any breach which may arise from such authorisation by you.
• We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons to process personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
• We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to: satisfy any applicable law, regulation, legal process or enforceable governmental request; enforce applicable Terms of Service, including investigation of potential violations thereof; detect, prevent, or otherwise address fraud, security or technical issues; or protect against imminent harm to the rights, property or safety of Raiz, its users or the public as required or permitted by law.
• If Raiz becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Consent

You are deemed to have accepted the contents of this Privacy Policy when you access our platforms; use our services, content, features, technologies or functions offered on our website or digital platforms; or otherwise, interact with us. If you do not accept this Privacy Policy and do not wish to comply with the provisions set forth herein, you may not use or access our services or website. Note that you can withdraw your consent at any time. Such withdrawal of consent would not affect the lawfulness of processing information done prior to the withdrawal of consent. Where such withdrawal of consent would prevent us from providing services to you, we will endeavour to inform you.

Other Rights to Your Personal Information With Us

Below are the rights you have as a user in relation to your Personal Information. You are entitled to reach out to us to exercise the following rights, which are guaranteed by the Nigeria Data Protection Act with some limitations:

• Right to request access or copies to your Personal Information by contacting us... (as detailed in your policy).
• Right to objection or request for restriction of processing under specified circumstances.
• Right to correct or rectify any Personal Information that you provide which may be incorrect, out of date or inaccurate.
• Right to object to the processing of your Personal Information for marketing purposes.
• Right to request erasure of your Personal Information subject to legal exceptions.
• Right to object to automated decisions that produce legal effects concerning you.
• Right to data portability to receive or transfer your data in a machine-readable format.

To Whom We Disclose Your Information

It may be necessary for us to share your personal data with third parties... (as detailed in your policy), including advisors, regulators, potential buyers, due diligence partners, etc. We require all third parties to respect the privacy and ensure security of your personal data, and to treat it in accordance with the law.

International Transfers

We do not routinely transfer your personal data outside of Nigeria. Whenever we transfer your personal data out of Nigeria, we ensure that a similar degree of protection is afforded to it... Transfers will align with NDPA 2023 and NDPR 2019 requirements and applicable safeguards.

Marketing Communications

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Our marketing communications have opt-out links through which you can inform us to stop processing your data for such purposes.

How Long Do We Keep Your Personal Data

We will hold your personal information on Raiz’s systems for as long as is necessary to fulfil the purpose for which it was collected or to comply with any legal, regulatory, tax, accounting, reporting requirements or internal policy requirements... (include the durations you provided).

Change of Purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason... If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis.

Protection of Your Personal Data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed... including training, access controls, encryption, physical security, audits, and incident management.

Storage of Your Data

All personal data you provide to us may be stored on our secure cloud-based data storage as well as on our premises... We erase/delete personal data in line with specified triggers and legal directives.

Breach/Privacy Violation

In the event of a breach of security... we shall within 72 hours report the details to the NDPC and notify affected users where required.

Cookies

Like many other websites, we use cookies to distinguish you from other users and to customize and improve our services. Cookies allow our servers to remember IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities.

Your Privacy and Data Protection: We take all reasonable steps to handle your information securely and in line with the GDPR, NDPA 2023 and NDPR 2019.

Third-Party Cookies and Sharing of Information: All cookies used on our website/app are maintained and implemented either directly by us or by authorised third parties... You can contact us at: info@raiz.app

Managing Cookies: You have the option to manage or disable cookies through your browser settings at any time. However, disabling cookies may affect your experience on our website/app, as some features rely on them.

Age Restriction

Our Services are not directed, or intended to be attractive, to children under the age of 18... If we become aware that a child below the age of 18 has provided us with personal data without verifiable parental consent, we will remove such information.

Opt-Out Rights

If you do not wish to receive offers or other notices from us in the future, you can opt out by contacting us or via the unsubscribe links in our emails. Users cannot opt out of service/account communications.

Changes to Our Privacy Policy

Subject to applicable law, we may change, amend or review this Privacy Policy at any time to reflect new services or changes in our Policy. Material changes will be communicated appropriately. Continued use signifies consent to the amendments.

Complaints and Remedies

You may file a complaint if you believe your privacy rights have been violated. Contact our Data Protection Officer at ifedapo.ajayi@raiz.app. You may also contact the Nigeria Data Protection Commission (NDPC) at info@ndpc.gov.ng or its listed address. You may seek redress in court.

Contact Us

• Reaching out to the customer service support available on the website.
• Sending an email to info@raiz.app

This Privacy Policy was last updated on 21st of May, 2025.

Acceptable Use Policy

Raiz provides foreign virtual accounts to customers thus enables customers to receive and make payments... Eligibility depends on multiple factors including compliance, risk policies and occupation. Raiz reserves the right to refuse or verify applications at its discretion.

Restrictions on Using Our Platform

Transacting on your own account: All activities under a Raiz account shall be deemed as activities carried out by the registered user... Contact us immediately if you suspect unauthorised activity.

One account per person or entity: You may only open one Raiz account unless we have agreed in writing... Duplicate accounts may be merged or closed.

Restricted activities: You may use our platform only for lawful purposes... (as listed in your policy).

Restricted Line of Businesses

Raiz does not service transactions relating to the following restricted lines of business, including but not limited to: illegal activities, gambling, currency exchange (including crypto), investment schemes, crowdfunding, counterfeiting, ticket resales, firearms, adult content, pharmaceuticals, unlicensed financial services, hate content, or any product/service that creates liability to Raiz. Some may be pre-approved at Raiz's sole discretion following review; illegal activities will not be supported.