1. Consent

You accept this privacy policy when you give consent upon access to our platforms, use the services offered on our website and digital platform or visit any of our offices for official or non-official purposes.

By visiting "https://smartpay.ng" (“our site”) you are accepting and consenting to the practices described in this policy.

Our website and services are not directed to children under 18. We do not knowingly collect information from children under 18. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.

2. Company Overview

VAS Acquico Limited is a regulated Value Added Services Company operating a range of payment & collections services as approved by the Nigerian Communications Commission and the Central Bank of Nigeria. We offer an online payment platform that makes it easy for merchants to accept electronic payments from customers.

This Privacy Policy is intended to set certain standards across the operations of VAS Acquico Limited.

3. What Personal Data do we collect?

We collect Personal Data about you when you use the services offered on our website and digital platform, including the following:

Transaction information : When you use our digital platform to send and receive money, make purchases from merchants, pay bills, and deposit & withdraw cash, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or received, amount paid for products or services, merchant information, including information about your device and geolocation. Anonymized payment data.

Participant Personal Data : When you use our services, we collect Personal Data about the other participants associated with the transaction. We collect Personal Data such as name and financial account information about the participant who is receiving money from you or sending money to you. To gain full access to our website and services, you must register for a SmartPay Merchant account. When you register for an account, we collect Personal Information which you voluntarily provide to us. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. email address, bank details, name, telephone number). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).

Technical information : Including, but not limited to, the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

Other information we collect related to your use of our website or Services : We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.

We retain Personal Data in an identifiable format for at least seven (7) for our business purposes and to fulfil our legal or regulatory obligations. We may retain Personal Data for longer periods if it is in our legitimate business interests and required to comply with applicable laws. We will continue to use and disclose such Personal Data in accordance with this Privacy Policy.

4. What do we do with your Personal Data?

We collect your personal data to provide you an efficient and secure customer experience. We process your information to:

Provide services, including to:

• Initiate a payment, send or request money, or pay a bill
• Authenticate your access to an account
• Communicate with you about your account
• Manage risk, fraud and abuse of our services and you from fraud by verifying your identity.
• Comply with our obligations and to enforce the terms of our sites and services, including to comply with all applicable laws and regulations.
• Trail information breach and remediate such identified breaches.

Resolve disputes and troubleshoot problems.

• To notify you about changes to our service;
• To ensure that content from our site is presented in the most effective manner for you and for your device.
• To provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; anonymized repayment data.
• To address inappropriate use of our website
• To prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools
• To verify your identity and the information you provide in line with SmartPay’s statutory obligations using internal and third party tools
• To retrieve additional Personal Information about you from third parties and other identification/verification services such as your financial institution and payment processor. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication. Once you begin using our services through your Smartpay account we will keep records of your transactions and collect information of your other activities related to our services. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our services or under applicable legislations.
• To provide you with the services, we may rely on third-party servers located in foreign jurisdictions from time to time, which as a result, may require the transfer or maintenance of your personally identifiable information on computers or servers in foreign jurisdictions. We will endeavour to ensure that such foreign jurisdictions have data protection legislation that is no less than the existing data protection regulations in force in Nigeria and your personally identifiable information is treated in a safe and secure manner.

With your consent:

• Market SmartPay products and services to you.
• Use cookies to provide a targeted display, feature, service or offer to you.
• We will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them.
• Notify you about changes to our service
• When you test our services using the “Demo” part of our website, we collect both non-personally identifiable information and personally identifiable information. Information we collect include your IP address, information about your computer, and other standard web log information to monitor the test transactions. We also collect and store your email address and card information you provide to conduct the test transactions. In compliance with the Payment Card Industry Data Security Standard (PCI DSS Requirements”), we implement access control measures, security protocols and standards including the use of encryption and firewall technologies to ensure your card information is safe and secure in our servers, additionally, we implement periodical security updates to ensure that our security infrastructures are in compliance with reasonable industry standards. We will not share and disclose your card information
• We may share your contact information with merchants as part of your purchase details for record purposes. We will not share this information with other third parties except as a necessary part of providing our website and services. We do not share your card information with merchants. Please review your merchant’s privacy policy to understand the privacy policies guiding the merchant you transact with.

Additionally, you can withdraw your consent at any time and free of charge.

We do not collect your Personal Information when you visit the website. However, so we can monitor and improve our website and services we may collect non-personally-identifiable information. We will not share or disclose this information with third parties except as a necessary part of providing our website and services. We may use the information to target advertisements to you.

5. Sharing your Personal Data

We may share your Personal Data or other information about you with others for the following reasons:

With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with services, verify your identity, assist in processing transactions, send you advertisements for our products and services, or provide customer support.

With other financial institutions: We may share Personal Data with other financial institutions that we have partnered with to only offer SmartPay-related services, unless you have given consent for other uses. We may also share Personal Data to process transactions and keep your financial information up to date.

With the other parties to transactions when you use the services, such as other users and their service providers. This includes other users you are sending or receiving funds from and their service providers. The information might include:

SmartPay may engage the services of third parties in order to process the Personal Information of Data Subjects collected by the SmartPay. The processing by such third parties shall be governed by a written contract with SmartPay to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with the terms of this Privacy Policy.

Personal Data and account information necessary to facilitate the transaction; and

Personal Data to help other participant(s) resolve disputes and detect and prevent fraud.

With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for SmartPay’s business purposes or as permitted or required by law, including:

If we need to do so to comply with a law, legal process or regulations;

If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;

To protect the vital interests of a person;

With credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;

To investigate violations of or enforce a user agreement or other legal terms applicable to any service;

To protect our property, services and legal rights;

To facilitate a purchase or sale of all or part of SmartPay’s business;

To companies that we plan to merge with or be acquired by; and

To support our audit, compliance, and corporate governance functions.

With your consent: We also will share your Personal Data and other information with your consent or direction.

Subject to the marketing preferences you have selected on our website, to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a product or service which you were previously interested in. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this;

By ticking the “I agree to the Terms and Conditions”, which you hereby adopt as your electronic signature, you consent and agree that:

We can provide materials and other information about your legal rights and duties to you electronically.

We are authorised to share, receive and use data/information collected from your transaction with other affiliated third parties including but not limited to switching companies, mobile network operators, electricity companies, aggregators, credit bureaus, other financial institutions, e-commerce platforms etc.

6. Data Security and Retention

Unless a longer retention period is required or permitted by law, we will only hold your data on our systems for the period necessary to fulfil the purposes outlined in this privacy policy.

Even if we delete your data, it may persist on backup or archival media for legal, tax or regulatory purposes.

The security of your Personal Information is important to SmartPay. We are committed to protecting the information we collect. We maintain administrative, technical and physical controls designed to protect the Personal Information you provide, or we collect against loss or theft, as well as against any unauthorized access, risk of loss, disclosure, copying, misuse or modification.

Other security measures include but not limited to, secure servers, firewall, data encryption and granting access only to employees in order to fulfil their job responsibilities.

7. How We Use Cookies

Cookies are small files placed on your device’s browser that enables the website to identify your device as you view different pages. Like most interactive websites, our website uses cookies to enable the tracking of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs out of the platform and closes the browser. Session cookies do not collect information from your device. They will typically store data in the form of a session identification that does not personally identify you. Certain aspects of our website are only available through the use of cookies, so your use of our website may be limited or not possible if you choose to disable or decline cookies.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By visiting our website, you consent to the placement of cookies and beacons in your browser and HTML-based emails in accordance with this Privacy Policy.

8. What Are Your Rights?

Requests to Access, Rectify or Erase.

Access Request
You have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form, unless you want to receive it in another way (for example, a paper copy). In addition, you can ask us for information on how we use your Personal Data, who we share it with, how long we keep it, where it is stored, and other information to help you understand how we use it.

Rectification Request
You have the right to ask us to correct your Personal Data (including by means of providing a supplementary statement) if it is inaccurate and to have incomplete Personal Data updated without undue delay. If we cannot correct the Personal Data, we include a note on our files regarding your request to correct your Personal Data.

Erasure Request
You have the right to ask us to erase your Personal Data if:

• Your Personal Data are no longer necessary for the purpose(s) they were collected for.
• Your Personal Data have been unlawfully processed.
• Your Personal Data must be erased to comply with a regulation.
• You withdraw your consent for the processing of the Personal Data (and if this is the only basis on which we are processing your Personal Data).
• You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
• You object to processing for direct marketing purposes.

If we have made the Personal Data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your Personal Data. We may refuse to act on your request to erase your Personal Data if the processing of your Personal Data is necessary:

• To exercise our right of freedom of expression and information.
• To comply with the NDPR and relevant Nigerian laws.
• For the performance of a task carried out in the public interest or to exercise official authority vested in us.
• To establish, exercise or defend legal claims.

In these cases, we can restrict the processing instead of erasing your Personal Data if requested to do so by you.

Requests to Restrict: You have the right to ask us to restrict the processing of your Personal Data if:

You contest the accuracy of your Personal Data and we are in the process of verifying the Personal Data we hold.

The processing is unlawful and you do not want us to erase your Personal Data.

We no longer need your Personal Data for the original purpose(s) of processing, but you need them to establish, exercise or defend legal claims and you do not want us to delete the Personal Data as a result, or

We will only make decisions relying solely on automated processing that involve your sensitive Personal Data if you have given your explicit consent or the processing is necessary for reasons of substantial public interest, based on the NDPR and relevant laws.

9. How Do We Protect Your Personal Data?

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, as well as information access authorisation controls. While we are dedicated to securing our systems and services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.

We will inform you of any breaches which may affect your Personal Data.

10. Remedies for Violation and Timeframe for Remedy

In the event of violation of this policy, our Data Protection Officer shall within 7 days redress the violation. Where the violation pertains to the disclosure of your Personal Data without your consent, such information shall be retracted immediately, and confirmation of the retraction sent to the you within 48 hours of the redress.

11. Limitation of liability

Notwithstanding any other provision in this privacy policy, neither VAS Acquico Limited its affiliates, officers, directors, employees, attorneys or agents shall have any liability with respect to, and you hereby waive, release and agree not to sue any of them upon, any claim for any special, indirect, incidental, consequential damages suffered or incurred by you in connection with, arising out of, or in any way related to, a breach of this privacy policy.

12. Governing Law

This Privacy Policy is made according to the Nigeria Data Protection Regulation (2019) or any other relevant Nigerian laws, regulations or international conventions applicable to Nigeria.

13. Changes to our Privacy Policy

This privacy policy is reviewed periodically and when there is any substantial change to business or regulatory requirements. At the minimum, we shall review this annually and communicate via our communication channels such as Website, Social Media Accounts etc.

14. Contact Us

If you have any general questions or concerns about this Privacy Policy or the way in which we handle your Personal Data, kindly contact us via the details below:

15. Declaration

I have read all the terms and conditions within this Notice and hereby agree/ disagree to use of my personal data for above mentioned purposes.