Last Updated: 27 June, 2024
Fusion Financial Technology Limited (“the Company” or “Fusion”) is a financial technology company with the objective of providing innovative business, financial and social solutions to individuals and companies through the use of technology by partnering with licensed financial institutions for the enhancement of such services to targeted customers. In light of the emerging data regulatory environment which requires higher transparency and accountability in how companies manage and use personal data, the Company must ensure that its business operations align with global best practices on protection of rights and privacy of individuals.
The Data Protection Policy (“the Policy”) is a formal acknowledgment that the Company is committed to the protection of rights and privacy of individuals, in accordance with the Nigeria Data Protection Act, 2023 (“the Act”).
The Policy describes how the Company shall collect, handle and store personal data of individuals to meet the data protection standards.
The purpose of this Policy is to:
The Act, which came into force on June 12th, 2023, regulates the gathering, storing and processing of Personal Data (regardless of whether Data is stored electronically, on paper or on other materials), and protects the rights and privacy of all living individuals (including children). The Act applies to natural persons residing in Nigeria or residing outside Nigeria but of Nigerian descent.
The Act mandates every Data Controller to process any Personal Data in accordance with the governing principles of data protection. In order to comply with the obligations, Fusion undertakes to adhere to the following principles:
The following statement shall guide compliance with the Act on Data Processing. Fusion shall:
The Company shall process Personal Data of individuals if at least one (1) of the following applies:
To fulfill the requirement of the Act, Personal Data will be processed in accordance with the rights of the Data Subject. The Company's business operations will be guided by the following statements:
To align with these requirements, the Company shall:
The Company recognises the importance of protecting Data from unauthorized access and data corruption and the Company shall:
To ensure compliance with the Act, being a Data Controller, the Company shall:
The Company acknowledges that individuals have the right to object to the processing of their Personal Data, as such the Company shall only process Personal Data in accordance with Data Subjects' rights as listed below:
The Company shall comply with the Act and any transfer of Personal Data which is undergoing processing or is intended for processing after transfer to a foreign country or an international organization shall take place subject to the provisions of the Act.
In the absence of any decision made by NDPC or the Honourable Attorney General of the Federation (HAGF) on the transfer of Personal Data to a foreign country, Fusion shall initiate the transfer or set of transfers of Personal Data to such foreign country or an international organization only when:
Fusion, in compliance with the Act, shall explicitly communicate through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of a transfer to a third country.
To comply with this section under the Act, Fusion shall:
This Policy applies to all staff, Management and Board of Fusion and as a matter of best practice, to other companies (contractors, suppliers etc.), individuals working with Fusion and its stakeholders who have access to personal information. It is also applicable to all data that Fusion holds relating to identifiable individuals, even if that information technically falls outside of the Act. This includes, but is not limited to:
The Nigeria Data Protection Act, 2023.
The Nigeria Data Protection Regulation, 2019.