P R I V A C Y P O L I C Y

This Privacy Statement explains how we process personal data at Parallex Microfinance Bank about people with whom we come into contact with (referred to as “you” in this document) in the course of our dealings with such clients and other relevant persons. This includes employees, officers, directors, beneficial owners and other personnel of our clients, service providers and other business counterparties (referred to as “Your Organization” in this document). At Parallex MFB, we are committed to protecting and respecting our customer’s privacy.

Why Data Privacy?

The policy explains when and why we collect Personal Information about people who visit our website, use our internet banking, our mobile app and our cards online. It explains how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Who is responsible for your personal data and how can you contact them?

Parallex Microfinance Bank Limited (referred to as “we” in this document) are the controllers of your personal data: For more details, you can contact our Data Protection personnel via olusola.taiwo@parallexbank.com or Parallex Microfinance Bank, 8A, Ogundanna Street, Off Allen, Ikeja, Lagos-Nigeria.

What is Personal Data?

Personal data means any information that relates to an identified or identifiable living individual person ('data subject'); an identifiable living person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This means different pieces of information, which when collected together can lead to the identification of a particular person also constitute personal data.

Why do we process your personal data?

We process your personal data for the following reasons:

• To aid in our decision making whether to enter into a contract with a customer you are connected to (e.g. where you are a Director, Guarantor, Shareholder, Authorized Signatory or Ultimate Beneficial Owner of a potential customer)

• To help us in compiling with our regulatory and legal obligations to perform customer identification, verification and ongoing monitoring of customer relationships and customer transactions for money laundering, terrorist financing, fraud and other financial crime prevention.

• Where we need to carry out the contractual obligation that we are about to enter with your organization or that we have entered with your organization.

• To provide financial services/products to our clients and to communicate with you and/or our clients about them;

• To help manage, administer and improve our business, client and service provider engagements and relationships and for corporate marketing, business development, and analysis purposes;

• To monitor and analyze the use of our services/products for system administration, operation, testing and support purposes;

• To establish, exercise and/or defend legal claims or rights and to protect, exercise and enforce our rights, property or safety, or to assist our clients or others to do this; and

• To investigate and respond to complaints or incidents relating to us or our business.

• To help maintain service quality and to train staff to deal with complaints and disputes..

In most cases, we do not rely on consent as the legal basis for processing your personal data. If we do rely on your consent, we will make this clear to you at the time we ask for your consent. If you do not provide information that we request, we may unable to provide (or continue providing) relevant services/products to, or otherwise do business with, you or your organization.

Where does Parallex Microfinance Bank obtain personal data about you?

We process personal data that you provide to us directly or that we learn about you from your use of our systems and our communications and other dealings with you and/or your Organization. Your Organization may also give us some personal data about you. This may include your date of birth, title and job description, contact details such as your business email address, physical address and telephone number and other information required for KYC, AML and/or sanctions checking purposes (e.g. copies of your passport or a specimen of your signature). We also obtain some personal data about you from publically available websites, databases and other public data sources.

To whom do we disclose your personal data?

We disclose your personal data, for the reasons set out below:

• To your organization in connection with the products and services that we provide to it if your organization is our customer or client, or otherwise in connection with our dealings with your organization;

• To counterparty or Correspondent Banks, Payment Infrastructure Providers and other persons from whom we receive, or to whom we make, payments on our customers or clients’ behalf;

• To export credit agencies, multilateral agencies, development finance institutions, other financial institutions, governmental authorities and their agents, insurers, due diligence service providers and credit assessors, in each case in connection with the products and services that we provide to you or your organization if you or your organization is our client, including in connection with financings;

• To service providers that provide application processing, fraud monitoring, call center and/or other customer services, hosting services and other technology and business process outsourcing services;

• To our professional service providers (e.g., legal advisors, accountants, auditors, insurers and tax advisors);

• To legal advisors, government and law enforcement authorities and other persons involved in, or contemplating legal proceedings;

• To competent regulatory, prosecuting, tax or governmental authorities, courts or other tribunals.

• To other persons where disclosure is required by law or to enable products and services to be provided to you or our clients; and



How do we protect your personal data?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and third parties who have a business need to know. They will only process your personal information on our instructions and subject to a duty of confidentiality.

Where do we transfer your personal data?

We may transfer your personal data to Parallex Microfinance Bank entities, regulatory, prosecuting, tax and government authorities, courts and other tribunals, service providers and other business counterparties. When we transfer your personal data to Parallex Microfinance Bank entities, service providers or other business counterparties, we will ensure that they protect your personal data using appropriate data safeguards.

How long do we keep your personal data?

We keep your personal data for as long as is necessary for the purposes of our relationship with you or your organization or in connection with performing an agreement with a customer/client or your organization or complying with a legal or regulatory obligation. We will retain your data for the duration of your contract or connection with us and for a period that aligns with legal and regulatory requirements.

Special Mention for EU Citizens

In compliance with General Data Protection Regulation (GDPR), EU customers shall have the following data access rights:

Data access rights for EU customers

Under certain circumstances, by law, as an EU Citizen, you have the right to: Request access to your personal information (commonly known as data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Request for the correction of the personal information we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where we continue to process beyond the necessary period, where you withdraw consent, where you object (see right to object to processing), where the data has not been processed lawfully or it is necessary to delete the personal information to comply with a legal obligation. This is subject to legal and regulatory requirements. Object to the processing of your personal information. Where you object to the processing of your personal information, the Bank shall no longer process the personal data unless the bank is able to demonstrate compelling legitimate grounds for the processing which overrides the interests, rights, and freedoms that you have. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information where you believe the information is inaccurate, our processing is unlawful, or where you have raised an objection to process. Request to transfer your personal information to another party. We may transfer your personal data to Parallex Microfinance Bank entities, regulatory, prosecuting, tax and government authorities, courts and other tribunals, service providers and other business counterparties located in countries outside the European Economic Area (EEA), including countries which have different data protection standards to those which apply in the EEA. When we transfer your personal data to Parallex Microfinance Bank entities, service providers or other business counterparties in these countries, we will ensure that they protect your personal data using appropriate data safeguards. Data breach shall be communicated to you by the Data Protection Personnel whenever data breach is recorded in the Bank. If you want to exercise any of your rights, please contact the Data Protection Personnel dataprotectionpersonnel@parallexbank.com

Changes to this Privacy Statement

This Privacy Statement takes effect on __ June 2018; it was last updated on __ June 2018. If we change it, to keep you fully aware of our processing of your personal data and related matters, we will post the new version of this website. You are advised to visit this page occasionally to ensure that you are abreast with any change. By using our website, you are agreeing to be bound by this policy.