Privacy Policy

1. Introduction/Scope

This document is prepared in accordance with the provisions of the Nigeria Data Protection Act 2023 (NDPA). It sets out how Bujeti Limited applies and complies with the data privacy principles in processing the personal data of customers, staff, vendors, visitors, and even third parties that interact with Bujeti Limited.
For personal data of individuals, this document also highlights their rights and covers the data subject(s) whose personal data is collected and processed, in compliance with the NDPA.
This privacy policy describes why and how we collect and use personal information about our customers, clients, vendors, and visitors (data subjects). It also highlights with whom we might share Personal Information and how long we keep such information. It also makes data subjects aware of their rights under the Nigeria Data Protection Act 2023.

2. Roles/Responsibilities

Bujeti Limited Data Protection Officer (DPO) is responsible for ensuring that this document is correct and up-to-date. The DPO also ensures that data subjects are duly notified prior to the collection and processing of their personal data by Bujeti Limited including data collected via Bujeti Limited's website. All Bujeti Limited employees/staff who interact with personal data must also ensure to follow the provisions in this policy document.

3. Policy Statement

Bujeti Limited is committed to protecting the privacy and security of data subjects' personal data. We are responsible for determining how we hold and use personal information about our data subjects. According to the Nigeria Data Protection Act (NDPA), Bujeti Limited is required to notify data subjects of the information contained in this document.

3.1 About Bujeti Limited

Bujeti Limited is incorporated under the laws of the Federal Republic of Nigeria, with our registered office at Plot 1B, Block 129, Jide Sawyerr Drive, Lekki Phase 1, Lagos.
We provide adapted financial services to Micro, Small and Medium-sized Enterprises (MSMEs) and individuals in Nigeria.
Bujeti Limited is a reputable technology-driven financial institution that is recognized for innovation, superior performance, and creation of premium value for all stakeholders.

3.2 What Personal Data Do We Need?

The personal data we would collect and process, depending on the particular processing requirement, are under the following categories:

Data TypeDescription of Data
Contact DataAddress, Email Address and Telephone Numbers Information received during your contact with face-to-face meetings, phone calls, emails, letters and SMS
Financial DataBank account information and bank statements, Bank verification Number (BVN), your income and outgoings, your financial position, status, and credit history, debit or credit card information and account number.
Transaction DataInformation regarding the products and services you may have benefited from by using Bujeti Limited and any of its subsidiaries, transactional information including in respect of products which you purchase. Location data of transactions where you may use your debit card
Technical DataInternet protocol (IP) address, your login data, details of your browser and operating system, time zone setting and location, browser plug-in types and versions, platforms and other technology on the devices you use to access this website
Profile DataIncludes your username and password
Job Application DataData submitted throughout the recruitment process eg: name, email address. Any personal information you provide to Bujeti Limited as part of the recruitment process.
Usage DataIncludes information about how you use our website, products and services
Marketing and Communications DataInformation about your communications with us. Your preferences in receiving marketing e-mails from us and consents you have given us

Where the personal data we need to collect may fall under a special category of sensitive personal data, Bujeti Limited lawful basis of processing will be the explicit consent of the individual, or where applicable, compliance with a legal obligation, or for legal proceedings/advice.

4. Why We Need the Data

Bujeti Limited ensures that the personal data collected and processed is necessary for the purpose of collection, and shall not collect or process more data than is reasonably required for a particular processing activity.

4.1 Use of Information for Marketing Purposes

In accordance with the Nigerian Data Protection Act 2023 and other applicable data protection regulations, we may utilize the personal information collected from you for marketing purposes. This includes, but is not limited to, sending you promotional materials, updates on our services, and other communications that may be of interest to you.

We assure you that any marketing communications will be sent only if you have given your explicit consent to receive such information. You retain the right to withdraw your consent at any time by contacting us through the details provided in this Privacy Policy. The withdrawal of consent will not affect the legality of any data processing carried out prior to such withdrawal.

We are committed to ensuring that your personal data is processed in accordance with the highest standards of data protection and privacy.

5. Legal Grounds for Processing

Bujeti Limited identifies, establishes, defines, and documents the specific purpose of processing and the legal basis for processing personal data (including any special categories of personal data processed) before any processing operation takes place under:

  • Consent obtained from the data subject.
  • Performance of a contract where the data subject is a party.
  • Legal obligation that Bujeti Limited is required to meet.
  • Protect the vital interests of the data subject, including the protection of rights and freedom of the Data Subject.
  • Official authority of Bujeti Limited or to carry out the processing that is in the public interest.
  • National law such as biometric data.

In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the data subjects, as listed below:

Purpose of ProcessingLawful Basis of Processing
Account creation, identity verification and maintenance of recordsContract
Vendor validation/information processingContract
EmploymentContract

6. Processing of Personal Data Based on Consent

Where applicable, Bujeti Limited will require the explicit consent of customers, visitors, and other relevant stakeholders to process collected personal data.
Visitors to Bujeti Limited website are expected to read and understand the website privacy notice, and then agreeing to the website’s terms of use. And by consenting to the privacy policy, data subjects are giving Bujeti Limited the permission to use/process their personal data specifically for the purpose identified before collection.
On this ground, if any data subject (customer, client, visitor, vendor, staff, or third party) does not agree to Bujeti Limited collecting and processing their personal data, such individual is not allowed to enjoy Bujeti Limited service(s) where applicable.
If, for any reason, Bujeti Limited is requesting sensitive personal data from its stakeholders (external and internal), the individuals will be rightly notified why and how the information will be used.
Where processing relates to a child under 18 years old, as in the case of NDPA Bujeti Limited shall demonstrate that consent has been provided by the person who holds parental responsibility over the child. Bujeti Limited shall demonstrate that reasonable efforts have been made to verify the age of the child and establish the authenticity of the parental responsibility taking into consideration available technology.

6.1. Withdrawal of Consent

Irrespective of initial consent given, an individual can withdraw their consent at any time by making a withdrawal of consent request.
Bujeti Limited demonstrates the data subject (customer, client, visitor, vendor, staff, or third-party) has withdrawn consent to the processing of his or her personal data with a written instruction from the data subject.
For child consent, Bujeti Limited shall demonstrate that the holder of parental responsibility over the specified child has withdrawn consent via a written instruction from the parent. Bujeti Limited will also demonstrate that reasonable efforts have been made to establish the authenticity of the parental responsibility, when withdrawing consent for the specified child, considering available technology.
Where applicable, the Data Protection Officer will inform the relevant process owner of this change, and the processing activities that relied upon the consent is stopped immediately, in accordance with the relevant process.

7. Use of Cookies

The website uses cookies provided by trusted third parties, such as Google Analytics, to help us understand and improve users experience on the website.
Bujeti Limited may use the information we obtain from your use of our cookies to:

  • Recognize your computer when you visit our website.
  • Track you as you navigate our website.
  • Improve the website’s usability (including our Live Chat application to answer questions you have in real time.
  • Analyze the use of our website - such as how many people visit us each day, and
  • Manage the website.

Users can disable cookies and prevent the setting of cookies by adjusting the settings on their browser. However, this is not recommended, as disabling cookies may also disable certain functionality and features of the site.

8. Disclosure to Third-Parties

Asides situations where Bujeti Limited may be required to disclose personal data of individuals in accordance to a legal obligation in response to requests by government authorities or law courts on matters involving national security or law enforcement requirements, Bujeti Limited will not pass on its data subjects’ personal data to third parties without first obtaining consent.
In situations where the processing of personal data will involve investigation of potential violations of Bujeti Limited Terms of Service, fraud prevention/mitigation, security issues management, and the preservation of the rights and freedom of staff, customers, and clients, Bujeti Limited shall establish an appropriate legal ground for such data transfers.
Bujeti Limited has put in place, to the best of its ability and in line with standard global practices, physical, technical, and organisational measures (including secure encryption and anonymisation) to ensure the optimum protection of personal data, which also extends to data transferred or shared with third-parties.

8.1. Cross-Border Transfers

Bujeti Limited may also engage third parties abroad (such as other financial institutions, contractors, government-authorised agencies, etc.) that will receive personal data for certain purpose(s) as part of Bujeti Limited processing activities and process them Bujeti Limited behalf. Where this is the case, Bujeti Limited will enter into a Data Processing Agreement with the third party and also ask for your consent if the purpose of processing was not initially stated on inception and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorised access, use, disclosure, loss, or destruction.
In such a case where the disclosure is to third parties outside the jurisdiction of the NDPA, Bujeti Limited will ensure that the third party meets the core global regulatory standards prior to the transfer. This may include transferring the personal data to the third party where Bujeti Limited is satisfied that:

  • The country of the recipient has adequate data protection controls established by legal or self-regulatory regime. However, in a case not covered by an adequacy decision from the NDPC;
  • It has a contract in place that uses existing data protection clauses with approval of NDPC to ensure adequate protection.
  • It is making the transfer under approved binding corporate rules.
  • Provisions inserted into administrative arrangements between public authorities or bodies authorised by the supervisory authority NDPC.

9. Retention of Records

Bujeti Limited stores a broad spectrum of personal information, which indicates that retention periods differ with the type of data collected and stored. All information Bujeti Limited holds is stored and retained, stored and destroyed in compliance with NDPA's guideline on the retention of records and personal data.
Bujeti Limited will retain your personal data as long as the information is active on our systems and necessary for service delivery purposes. This retention period is verified and established with special considerations to the following areas:

  • The requirements of Bujeti Limited
  • The type of personal data
  • The purpose of processing
  • Lawful basis for processing
  • The categories of data subjects

Details of personal data retention periods for the different categories of personal data is captured in the Records of Processing Activities document (internal document)
This retention period is established to enable Bujeti Limited use the personal data for the necessary legitimate purposes identified, in full compliance with the regulatory requirements. When the personal data is no longer needed or beyond the stipulated retention period, Bujeti Limited will delete or destroy it from it’s systems and records, or take steps to securely archive it while protecting your identity and privacy rights as the case may be.

10. Data Subject Rights

At any point while Bujeti Limited is in possession of or processing personal data, the data subject, has the right to:

  • Request a copy of the information that Bujeti Limited holds about them
  • Correct the data that is inaccurate or incomplete
  • Ask for their data to be erased from Bujeti Limited systems/records
  • Restrict processing of their personal data where certain conditions apply
  • Have their data transferred to another organisation
  • Object to certain types of processing like direct marketing
  • Object to automated processing like profiling, as well as the right to be subject to the legal effects of automated processing or profiling
  • Complain and pursue judicial review in the event that Bujeti Limited refuses their request under rights of access without a clear and justifiable reason as to why

All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.

11. Complaints

If for any reason a vendor/contractor, customer, or staff wishes to make a complaint about how Bujeti Limited (or any of Bujeti Limited third parties) handles or have handled their personal data, or how their complaint has been handled, they have the right to lodge a complaint directly with the supervisory authority and Bujeti Limited Data Protection Officer.
Below are the details for each of these contacts:

Supervisory Authority Email:dpo@ndpc.gov.ng

Data Protection Officer (DPO) Email:dpo@bujeti.com

Still have questions?

Our friendly team are always ready to help.

[object Object]