Raiz Digital Services Limited (“Raiz”, “Our”, “We”, or “Us”) is a company registered under Nigerian Law and under the laws of the State of Delaware, USA, and operating as Raiz Digital Services Limited under the laws of the USA with its registered address 300 Creek View Rd., Suite 205, Newark, Delaware (DE), 19711.

We respect your privacy and are committed to protecting your personal data. You provide us with your personal data, when you use our internet-enabled platforms (“platforms”, which include social media channels, website, software, services, applications, products and content). This Privacy Policy is designed to help you understand what information we gather about you, what we use that information for, and with whom we share that information. It also sets out your rights in relation to your information and who you may contact for more information or queries. Please read the following carefully to understand our processes and practices regarding your personal data and how we will treat it. By accessing or using our Services, website, software, services, applications, products and content offered via Raiz (collectively, the “Services”), you agree to this Privacy Policy and our Terms of Use.

Kindly note, this Privacy Policy does not apply to services that are not owned or controlled by Raiz, including third-party websites and the services of other Raiz merchants. These other sites may place their own cookies, plug-ins or other files on your computer, collect data or solicit personal information from you. Raiz does not control these third-party websites and we are not responsible for their privacy statements. Please consult such third parties’ privacy statements.

INFORMATION WE COLLECT

a. Information You Provide Us

To gain full access to our website and services, you must register for a Raiz account. When you register for an account, we collect Personal Information which you voluntarily provide to us. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. email address, bank details, name, telephone number). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).

The Personal Information we have about you is directly made available to us when you:

Sign up for a Raiz Account;

Use any of our services;

Contact us or our customer support team;

Fill our online forms;

b. Personal Information We May Collect About You

We may collect, use, process, store, or transfer personal information such as:

Identity Data & Identification Documents: Information such as your full name(s), your government-issued identity number, bank verification number (BVN) or NIN, and your date of birth. Identification documents may include a passport or any Government-issued identity card, a photograph (if applicable), and any other registration information you may provide to prove you are eligible to use our services. This data is to enable us to verify your identity to offer our services to you;

Contact Data: This is data that is needed to reach out to you, such as your contact address, email address, telephone number, details of the device you use, and billing details;

Log/Technical information: When you access Raiz’s services, our servers automatically record information that your browser sends whenever you visit a website, links you have clicked on, length of visit on certain pages, unique device identifier, log-in information, location, and other device details.

Financial Data: Information, such as a personal account number, the merchant’s name and location, the date and the total amount of the transaction, and other information provided by financial institutions or merchants when we act on their behalf;

Transactional Data: These are information relating to payments when you as a merchant (using one or more of our payment processing services) or as a customer, are using our products or services;

Marketing and Communications Data: This includes both a record of your decision to subscribe or to withdraw from receiving marketing materials from us or from our third parties.

Records of your discussions with us, if we contact you, and if you contact us

HOW WE MAY USE YOUR PERSONAL INFORMATION

We may use the Personal Information we collect to:

Create and manage any accounts you may have with us, verify your identity, provide our services, and respond to your inquiries;

To administer Raiz (i.e. to provide our Services to you) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes (i.e. to guarantee Raiz’s stability and security) and to solicit your feedback Process your payment transactions (including authorization, clearing, chargebacks, and other related dispute resolution activities);

Protect against and prevent fraud, unauthorized transactions, claims, and other liabilities;

Provide, administer and communicate with you about products, services, offers, programs, and promotions of Raiz, financial institutions, merchants and partners;

Evaluate and improve our business, including developing new products and services;

As necessary to establish, exercise and defend legal rights; As may be required by applicable laws and regulations, including for compliance with Know Your Customers and risk assessment, Anti-Money Laundering, anti-corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement, or governmental agency having or claiming jurisdiction over Raiz or its affiliates;

To use data analytics to improve our Website, products, or services, and user experiences. For other purposes for which we provide specific notice at the time of collection.

• For other purposes for which we provide specific notice at the time of collection.

HOW WE SHARE YOUR PERSONAL DATA

We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.

Raiz only shares personal information with External Third parties in the following limited circumstances:

We have your consent. We require opt-in consent for the sharing of any personal information; We share Personal Information with third parties directly authorized by you to receive Personal Information, such as when you authorize a third party application provider to access your account. The use of your Personal Information by an authorized third party is subject to the third party's privacy policy and Raiz shall bear no liability for any breach which may arise from such authorization by you.

We provide such information to our subsidiaries, affiliated companies, or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.

We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to:

satisfy any applicable law, regulation, legal process, or enforceable governmental request,

enforce applicable Terms of Service, including investigation of potential violations thereof

detect, prevent, or otherwise address fraud, security, or technical issues, or

protect against imminent harm to the rights, property or safety of Raiz, its users, or the public as required or permitted by law.

If Raiz becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and become subject to a different privacy policy.

CONSENT

You are deemed to have accepted the contents of this Privacy Policy when you access our platforms; use our services, content, features, technologies or functions offered on our website or digital platforms; or otherwise, interact with us.

Note that you can withdraw your consent at any time. Such withdrawal of consent would not affect the lawfulness of processing information done prior to the withdrawal of consent. Where such withdrawal of consent would prevent us from providing services to you, we will endeavour to inform you.

OTHER RIGHTS TO YOUR PERSONAL INFORMATION WITH US

Below are the rights you have as a user in relation to your Personal Information;

Right to request access or copies of your Personal Information by contacting us Right to information on their personal information collected and stored;

Right to objection or request for restriction; this means refrain us from doing certain things with your data or restrict the extent of our collection or processing of your data.

Right to correct or rectify any Personal Information that you provide which may be incorrect, out of date, or inaccurate.

Right to object to the processing of your Personal Information for marketing purposes. You have a right to ask us not to contact you for marketing purposes by adjusting your notification preference on the settings page or by opting out via the unsubscribe link in marketing emails we send you.

Right to request that Raiz erase your Personal Information. You have the right to ask us to erase your Personal Information. Please note that this is a limited right which applies where the data is no longer required, or the processing has no legal justification. The exceptions to this right are where the applicable law requires us to retain a historical archive or where we retain a core set of your personal data to ensure we do not inadvertently contact you in the future where you object to your data being used for marketing purposes.

Right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.

Right to request the movement of data from Raiz to a third party; this is the right to the portability of data;

The basis of we processing your Personal Information is your consent. You also have the choice at any time to withdraw consent which you have provided.

You may decline to provide your personal Information when it is requested by Raiz; however, certain services or all the services may be unavailable to you. You may review your account settings and update your Personal Information directly or by contacting us.

If you wish to exercise any of the rights set above, please contact us using the contact information provided in the Contact Us segment below.

To whom we disclose your information

It may be necessary for us to share your personal data with third parties. These third parties may include persons or entities affiliated with our company, or external third parties such as our service providers, and business partners.

We generally disclose details about you to professional advisors and third parties that provide services to us (such as IT systems providers, platform providers, financial advisors, consultants including lawyers and accountants) and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal data to them); competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we are required to do so by applicable law or regulation at their request); a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Raiz’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it; credit reference agencies or other organizations that help us detect criminal activity and incidence of fraud; and any federal, state or local government departments and other statutory or public bodies.

We require all third parties to respect the privacy and ensure security of your personal data, and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We do not routinely transfer your personal data outside of Nigeria. Whenever we transfer your personal data out of Nigeria, we ensure that a similar degree of protection is afforded to it in the country to which it is transferred. In any case, we may transfer data outside of Nigeria where the recipient country is on the data protection whitelist for the transfer of personal data as set out in the Nigeria Data Protection Act 2022 or such other applicable regulations.

Marketing communications

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. Our marketing communications have opt-out links through which you can inform us to stop processing your data for such purposes. Ideally, we would endeavour to acquire your consent before we send such marketing communications in the first place. However, where for some reason we are unable to acquire your consent before sending marketing communications or where we inadvertently send marketing communications to you, we would provide you with the option to opt-out from receiving such marketing communications.

How long do we keep your personal data

We will hold your personal information on Raiz’s systems for as long as is necessary to fulfil the purpose for which it was collected or to comply with any legal, regulatory, tax, accounting, reporting requirements or internal policy requirements. We endeavour to dispose of your personal data once we have concluded that we no longer require your personal data in connection with the purpose for which it was collected and if disposing of such personal data would not expose us to any actions, sanctions or claims. The periods for which we hold different categories of data differ. For example, we may hold personal data received:

• from unsuccessful job applications for six (6) months after notifying the applicant of the outcome;

• during a request to the help desk for three (3) years after the resolution of such request;

• while handling customer complaints for six (6) years after the resolution of the complaint; and

• from customers in relation to their accounts for six (6) years after the successful closure of their accounts.

Please note that the periods stated above are subject to overriding legal obligations and public policy, as well as changing business realities. Therefore, we shall endeavour to update the above-stated periods accordingly.

Change of purpose

We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Protection of your personal data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a professional need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We use a range of physical, electronic and managerial measures to ensure that we keep your personal data secure, accurate and up to date. These measures include:

• education and training of relevant staff to ensure they are aware of our privacy obligations when handling personal data as well as training around social engineering, phishing, spear phishing, and password risks;

• administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;

• technological security measures, including firewalls, encryption and anti-virus software;

• physical security measures, such as staff security passes to access our premises;

• external technical assessments, security audits and vendor due diligence;

• endpoint security: anti-virus, portable storage device lockdown, restricted administrative privileges

• Real-time monitoring of data leakage controls;

• Layered and comprehensive cybersecurity defences; and

• Security incident reporting and management.

• Although we use appropriate security measures once we have received your personal data, the transmission of data

• over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

Storage of Your Data

All personal data you provide to us may be stored on our secure cloud-based data storage as well as on our premises, off-site based locations and network-accessible storage which include external drives only for authorized users. By providing your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We erase/delete personal data in the event of any of the following:

The personal data is no longer necessary in relation to the purposes for which they were collected or processed;

You withdraw your consent or object to the processing and there is no overriding lawful basis for the processing;

The personal data was unlawfully collected or processed in the first place; or

In compliance with lawful directives from government regulators.

Breach/Privacy Violation

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to your personal data, we shall within 72 (seventy-two) hours of having knowledge of such breach report the details of the breach to the appropriate government agency.

Where we ascertain that such breach is detrimental to your rights and freedoms in relation to your personal data, we shall within 7 (Seven) days of knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.

COOKIES

Like many other websites, we use cookies to distinguish you from other users and to customize and improve our services. Cookies allow our servers to remember IP addresses, date and time of visits, monitor web traffic, and prevent fraudulent activities.

Our cookies never store personal or sensitive information; they simply hold a unique random reference to you so that once you visit the site we can recognize who you are and provide certain content to you.

If your browser or browser add-on permits, you have the choice to disable cookies on our website; however, this may impact your experience using our website. Unless you opt out of Cookies, we will assume you consent to the use of Cookies.

AGE RESTRICTION

Our Services are not directed, or intended to be attractive, to children under the age of 18. We do not knowingly collect Personal Information from children under the age of 18. If you are under the Age Limit, please do not use the Services, and do not provide any personal data to us.

If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.

OPT-OUT RIGHTS

If you do not wish to receive offers or other notices from us in the future, you can "opt out" by contacting us as indicated at the end of this Privacy Policy or by following the "unsubscribe" instructions in any communication you receive from us. Please be aware that if you are a User, you are not able to opt out of receiving communications about your Raiz account or related transactions with us.

CHANGE TO OUR PRIVACY POLICY

Subject to applicable law, we may change, amend or review this Privacy Policy at any time to reflect new services or changes in our Policy. All changes made will be posted on this page and where changes will materially affect you, we will notify you of this change by placing a notice online or via mail. If you keep using our Services, you consent to all amendments of this Privacy Policy.

CONTACT US

If you have any questions, comments, or concerns with respect to your Personal Information or this Privacy Policy, you may contact us by:

• reaching out to the customer service support available on the website.

• sending an email to info@raiz.app

This Privacy Policy was last updated on 13th February 2024