Confidentiality Clause & Disclaimer COPYRIGHT

(C) 2022 BY FUNDFLOW FINANCIALS All rights reserved.

Policy Statement

Who We Are

Fundflow Financials is a leading Financial Institutions Officially recognized by the Corporate Affairs Commission with certificate number 6928989

At Fundflow Financials, we are committed to creating value for our customers by harnessing our expertise and a dedicated team of professionals. We continuously strive to offer a wide array of innovative financial products and services to individuals, small businesses, corporations, governments, and institutions, aiming to positively impact their financial well-being.

Our mission is To be one of the market leaders in the microfinance space, bringing comparative micro financial services to the financially excluded using best practices methodology..

What Personal Data Do We Need?

In order to effectively conduct our operations, Fundflow Financials may collect and process various types of personal data, sourced from different channels, including but not limited to:

Identification Information: Official identification documents such as passports or national ID cards.

Contact Information: Details provided by customers during account setup.

Financial Information: Credit applications and transaction records.

Transaction Data: Records of financial transactions.

Credit Information: Data from credit bureaus and loan information.

Employment Information: Information provided by employees during onboarding.

Communication Records: Call records, emails, and chat transcripts.

Compliance Data: Anti-money laundering (AML) and Know Your Customer (KYC) records.

Digital Data: Cookies and other digital footprints.

In certain instances, Fundflow Financials may need to collect special categories of personal data, such as race, political opinions, genetic/biometric data, or health records. In such cases, our processing of such data will be based on explicit consent, legal obligations, or for legal proceedings/advice.

Why Do We Need the Data?

Fundflow Financials ensures that the collection and processing of personal data are relevant and necessary for the intended purpose. We collect only the data required for specific processing activities, and each processing purpose is supported by at least one lawful basis to protect the rights of data subjects.

The purposes of processing and their corresponding lawful bases are outlined below:

Purpose of Processing: Lawful Basis of Processing.

Account Management: Identity verification, account updates, and transaction facilitation.

Credit Assessment: Evaluating creditworthiness for loan applications. Regulatory.

Compliance: Adherence to legal and regulatory requirements, including AML and KYC regulations.

Customer Service: Providing support, addressing inquiries, and resolving banking issues.

Online Banking: Secure access to online and mobile banking platforms.

Internal Analysis and Improvement: Enhancing services, identifying trends, and making data-driven decisions.

Where Legitimate Interest is considered the legal basis for processing personal data, Fundflow Financials conducts a Legitimate Interest Assessment to ensure compliance:

Determine the Purpose for Processing: Establish the exact reason for processing and its benefits to the organization. Determine the Necessity of the Processing: Justify why the processing is necessary and consider alternatives. Balance Privacy Interests: Assess the impact on data subjects and address any concerns. Consent

Fundflow Financials requires explicit consent from individuals to process their personal data. By agreeing to this privacy policy, individuals grant permission to use/process their personal data for specific purposes identified before collection. If sensitive personal data is requested, individuals will be informed of the purpose and use of such information.

Individuals have the right to withdraw consent at any time by following the Fundflow Financials Withdrawal of Consent Procedure.

Disclosure

Fundflow Financials does not disclose personal data to third parties without prior consent, except as necessary for processing activities. Third-party recipients of personal data are bound by contractual obligations to safeguard data and use it only for specified purposes.

When transferring personal data to third parties outside GDPR and NDPR jurisdictions, Fundflow Financials ensures compliance with regulatory standards and implements appropriate safeguards to protect data subjects’ rights.

Retention of Records

In compliance with GDPR/NDPR data retention policies, Fundflow Financials processes and retains personal data for ten years. This retention period allows for legitimate use of personal data in accordance with legal and regulatory requirements. Upon completion of the retention period, personal data is securely deleted or anonymized.

Data Subject Rights

Under GDPR/NDPR provisions, data subjects have specific rights regarding their personal data:

Request access to information held about them. Correct inaccurate or incomplete data. Request deletion of data from systems/records. Restrict processing under certain conditions. Transfer data to another organization. Object to processing, including direct marketing and automated decision-making. Initiate judicial review if access rights are denied. Complaints

Individuals have the right to lodge complaints regarding the processing of their personal data by Fundflow Financials or its third-party processors. Complaints can be directed to the supervisory authority or the Data Protection Officer of Fundflow Financials.

Contact Information

Data Protection Officer

Address: Fundflow Financials, 2 Suwebatu Ajala street Off Oshodi Road Lagos