Data Protection

Pixe Finance Limited (“Pixe,” “we,” “us”) is committed to protecting the privacy and security of your personal data. This Data Protection page outlines our compliance with the Nigeria Data Protection Regulation (NDPR) and other applicable data protection laws.

1. Our Commitment

We take data protection seriously. As a regulated financial services provider, we adhere to the principles of the Nigeria Data Protection Regulation (NDPR) and implement appropriate technical and organisational measures to safeguard your personal data.

2. Data Protection Principles

We comply with the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose Limitation: We collect data only for specified, explicit, and legitimate purposes.
• Data Minimisation: We collect only data that is adequate, relevant, and limited to what is necessary.
• Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
• Storage Limitation: We retain data only for as long as necessary for the purposes for which it was collected.
• Integrity and Confidentiality: We process data in a manner that ensures appropriate security.
• Accountability: We are responsible for and can demonstrate compliance with these principles.

3. Lawful Basis for Processing

We process personal data under the following lawful bases as recognised by the NDPR:

• Consent: Where you have given us clear consent to process your data for a specific purpose.
• Contractual Necessity: Where processing is necessary to perform our contract with you (e.g., to provide financing services).
• Legal Obligation: Where processing is required to comply with our legal and regulatory obligations, including CBN and FCCPC requirements.
• Legitimate Interests: Where processing is necessary for our legitimate business interests, including fraud prevention, network security, and credit assessment.

4. Data Subject Rights

Under the NDPR, you have the following rights regarding your personal data:

• Right to be Informed: You have the right to be informed about the collection and use of your personal data.
• Right of Access: You have the right to obtain confirmation that your data is being processed and access to that data.
• Right to Rectification: You have the right to request correction of inaccurate personal data.
• Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
• Right to Object: You have the right to object to processing based on legitimate interests.

To exercise any of these rights, please contact our Data Protection Officer at support@pixefinance.com. We will respond to your request within one month.

5. Data Security Measures

We implement the following security measures to protect your personal data:

• Encryption: All personal data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Access to personal data is restricted to authorised personnel on a need-to-know basis.
• Regular Audits: We conduct regular security audits and vulnerability assessments.
• Staff Training: All employees receive mandatory data protection and privacy training.
• Incident Response: We maintain a data breach incident response plan and will notify affected individuals and the NDPC within 72 hours of a breach as required by law.

6. Data Sharing and Third Parties

We may share your personal data with the following categories of third parties, all of whom are contractually obligated to protect your data:

• Credit bureaus and credit reference agencies.
• Payment processing partners.
• Identity verification and KYC service providers.
• Regulatory authorities and law enforcement agencies (as required by law).
• Partner retail stores for order fulfilment.

We do not sell your personal data to third parties.

7. International Data Transfers

Where we transfer your personal data to third-party service providers located outside Nigeria, we ensure that appropriate safeguards are in place, including standard contractual clauses or equivalent legal mechanisms, to protect your data in accordance with NDPR requirements.

8. Data Retention

We retain your personal data for the following periods:

• Customer Data: Retained for six (6) years after the end of our business relationship, in compliance with CBN record-keeping requirements.
• Transactional Data: Retained for six (6) years from the date of each transaction.
• Prospective Customer Data: Retained for two (2) years from the date of collection.
• Technical Data (logs, cookies): Retained for twelve (12) months.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and compliance with the NDPR. You can contact our DPO at:

Email: dpo@pixefinance.com
Address: Lagos, Nigeria

10. Complaints

If you believe that we have not complied with our data protection obligations, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC):

Website: ndpc.gov.ng

11. Updates to This Policy

We may update this Data Protection page from time to time. We will notify you of material changes by posting the updated page on our website. We encourage you to review this page periodically.