This Privacy Policy is issued by Izifin, and explains how we use and protect your personal data that you provide to us or in connection with your use of our services.

Scope of this policy

By accessing or using any part of our platform, you acknowledge and give consent to the practices outlined in this Policy. This Privacy Policy applies to all users and visitors of our platform and covers the data practices related to the Services we offer, including Lending as a Service, Data as a Service, and Surveys. Whether you are applying for credit, interacting with survey tools, or accessing insights derived from data analytics, this policy explains how your information is collected, used, stored, and shared.

This privacy policy supplements our Terms and Conditions that are currently on our website and such other notices that we may provide on specific occasions when we are collecting or processing your personal data. Our privacy policy may be updated from time to time so you may wish to check it each time you submit personal information to us. The date of the most recent revision will appear at the top of this document.

The Information we may collect

The specific types of personal Information that we may collect, use and store includes but is not limited to:

• All personal information obtained from persons using the Service.
• Information provided to us while making an enquiry on the use of the Service.
• Information provided to us while reporting a problem or making a complaint about the Service.

This may include personal identifiers (for example- name, email, phone number), financial details, responses to survey questions, or any other information voluntarily shared with us.

Purpose of Data Collection

• To Provide and Operate Our Services: We use your personal and financial information to facilitate access to lending options through our platform, assess eligibility, and connect you with suitable lenders. This ensures the platform operates reliably and delivers expected outcomes.
• To Assess Creditworthiness and Risk: For lending-related services, we may analyze identity, income, and behavioral data to evaluate creditworthiness, determine suitability for various lending options, and support lenders in making informed credit decisions.
• To Analyze and Generate Insights: Anonymized or aggregated data may be used to generate market insights, trends, and reports shared with third parties or used internally to improve our services.
• To Improve User Experience: We review user behavior, support logs, and survey feedback to optimize service delivery, improve usability, and personalize your experience on our platform.
• To Provide Customer and Technical Support: Your contact details and usage information enable us to respond to enquiries, resolve complaints, and offer support in a timely and informed manner.
• To Ensure Security and Legal Compliance: We monitor platform activity, access logs, and authentication data to detect and prevent fraud, protect user accounts, and meet legal or regulatory obligations.
• To Communicate With You: We may send you service-related updates, notifications about your account or transactions, surveys, and changes to our terms or policies.
• To Run and Improve Our Business: This includes managing accounts, billing, conducting audits, measuring performance, enforcing legal rights, and expanding or refining our product offerings.

Legal Basis for Processing

We will use your personal data only to the extent permitted by law. Under the Nigeria Data Protection Act 2023 (NDPA), personal data may be processed under any of the following lawful basis:

• Where you consent to our use of your personal data
• Where your personal information is necessary for the performance of the contract to use our Services
• Where we need to comply with a legal obligation.
• Where we need to protect your vital interest or the vital interest of another individual
• Where it is in the interest of the general public to process your data
• Where it is necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your fundamental rights and freedoms.

While we mostly collect and process your data with your consent, we may collect and process your data under any of the identified lawful bases depending on the circumstance. We do not always need your consent to process your data. However, we do need your consent before we can process your data for purposes such as direct marketing communications. You are at liberty to withdraw your consent to such kinds of processing at any time. Where such withdrawal makes us unable to proceed with providing you with certain Services, we will inform you accordingly.

By using our Services, you agree to the terms of this Privacy Policy, as to allow us to utilize your data to service you more accurately.

Disclosure of your information

We may disclose your personal information to our affiliates, subsidiaries, or any member of our corporate group, where necessary for legitimate business purposes and in accordance with applicable data protection laws.We may disclose your personal information in the following circumstances:

We may also share your information with trusted third parties, including service providers, partners, legal and regulatory authorities, in the following circumstances:

• To comply with a legal or regulatory obligation, court order, or other lawful request;
• To enforce or apply our Terms of Use, agreements, or policies;
• To protect the rights, property, or safety of our company, our clients, users, or others;
• In connection with a merger, acquisition, restructuring, or sale of our business or assets, in which case your personal data may be transferred as part of that transaction.

Data Sharing and Transfers

We may transfer your personal data to third-party service providers, partners, financial institutions, and affiliates, including into jurisdictions that may not have the same level of data protection as our own. In such cases, we ensure that appropriate safeguards are in place to protect your information, such as standard contractual clauses, data processing agreements, or other lawful transfer mechanisms recognized under applicable data protection laws.

All third-party processors who handle your personal data on our behalf are required to follow strict data security and confidentiality obligations and may not use your personal data for any purpose other than to provide services as instructed by us.

We only share your data to the extent necessary to support the functionality of our services and to meet our legal or regulatory obligations.

Additionally, we may share your personal data in connection with mergers, acquisitions, or other business transactions involving the sale or transfer of our business or assets.

Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it from accidental or unlawful destruction, loss, alteration, unauthorized access, disclosure, or misuse.

While we adopt reasonable safeguards in line with industry standards to protect the data we collect and store, please note that no method of transmission over the internet or method of electronic storage is entirely secure. Therefore, any data you transmit to us is at your own risk.

Once we have received your information, we apply strict access controls, encryption protocols, and secure infrastructure practices to reduce the risk of unauthorized access. We are committed to complying with applicable data protection laws and international standards on information and cybersecurity, as updated from time to time.

Data Retention

Unless a longer retention period is required or permitted by law, we will retain your personal data only for as long as is necessary to fulfill the purposes set out in this Privacy Policy.

We may retain your data for a minimum of five (5) years, or longer where required, even after a deletion request is received, in order to comply with regulatory, legal, or contractual obligations.

Additionally, we may retain data where:

• There is an outstanding obligation or unresolved matter involving you,
• We are required to retain records for audit, compliance, or enforcement purposes.

Please note that even when data is deleted from our active systems, it may remain on backup for legal, tax, or regulatory reasons.

User Rights

In addition to being able to control the data you directly provide to us, you may exercise any of the below rights with respect to your data:

1. Request information about any of your personal data which we are processing.
2. Request access to your personal information which we process.
3. Request correction of personal information that we hold about you to make them more accurate or to reflect change in circumstances.
4. Request us to refrain from doing certain things with your data or restrict the extent of our collection or processing of your data.
5. Request partial or complete erasure of your personal information.
6. Object to our processing of your personal information where we are processing your personal information for direct marketing purposes.
7. Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
8. Request the transfer of your personal information to another party. If you wish to exercise any of the rights set out above, please contact us using the contact details provided below.

Cookies

Our website uses cookies to distinguish you from other users. This helps us provide you with a better browsing experience and also allows us to improve the functionality and performance of our site. You may manage or disable cookies at any time through your browser settings; however, doing so may affect how certain features of the site function. By using our platform, you consent to our use of cookies unless you opt out.

Limitation of Liability

Notwithstanding any other provision in this Privacy Policy, DataMarket, its affiliates, officers, directors, employees, legal advisers, or agents shall not be liable for any special, indirect, incidental, punitive, or consequential damages (including loss of data, loss of income, or reputational damage) arising out of or related to your use of our platform or any breach of this Privacy Policy, whether in contract, tort, or otherwise, even if we have been advised of the possibility of such damages.

We shall not be held liable for any personal data breach or compromise that occurs as a result of:

• Circumstances beyond our reasonable control (including acts of God, natural disasters, or internet infrastructure failures),
• Cyberattacks or acts of terrorism,
• The authorized transfer of your personal data to a third party based on your instructions or consent,
• The use or misuse of your data by a third party you have authorized or engaged,
• Failures in third-party systems we reasonably rely on for data processing or security.

To the fullest extent permitted by law, you agree to waive and release us from any such liability. Nothing in this clause limits any rights you may have under applicable data protection laws that cannot be lawfully excluded.

Changes to this Policy

We change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date and publish the updated version on our website. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personally identifiable information we collect. We will do our best to notify you via email or through a notification on our website, if there are changes to this Policy.

Contact Details

If you have any questions or requests about this privacy policy or our privacy practices, please contact us via this email: Info@izifin.com