Last Updated: July 27, 2023
Privacy Notice
Last Updated: July 27, 2023
Cleva Technologies Inc, (“Cleva”, “we”, “us”, “our”) is a technology platform that enables our users to carry out payout and remittance services (“Services”). We are committed to protecting the privacy and security of the personal information of our users (“you”, “your”, “user”) when using any of our Services.
As part of our commitment, we have designed this Privacy Notice (“Notice”) to inform you about the kinds of information we collect, how we collect them, the purpose of collection, how we store and use your information as well as your rights as it relates to handling your Personal data. We recommend that you read this Notice carefully to understand your rights and our duties towards the management of your information. By accessing and using our services, you acknowledge that you have reviewed this Notice and agree to its terms. This also means that you agree to the collection and processing of your data and have accepted the applicable disclosures.
This Notice incorporates our Terms of use which are available here.
This Notice incorporates the privacy policy of the App available here.
We may make changes to this Notice from time to time and when we do, we will update the “Last Updated” date given above. We may notify you through your registered email address on the Platform of the revisions made to this Notice. However, you understand that this may not always be practicable and when that occurs, you agree to waive your right to notification.
It is your responsibility to review this Notice frequently and to stay informed of all changes which may be made to it. The current version of this Notice will supersede all earlier versions from time to time. By using our services after a revision has been made to this Notice, you consent to be bound by the changes we made.
We collect your information to provide you with our suite of services and to enhance your experience on our platform.
We collect the following categories of information:
To enable us to fulfil Customer Due Diligence (“CDD”) requirements while onboarding you on our platform, we will request for certain information from you which is necessary to assess your eligibility and to fulfil the requisite CDD requirements. This information encompasses details such as your company name, business address, employer identification number and the intended utilisation of our services, which may include:
send money to the US
send money to Nigeria
open a United States Dollars (USD) account
create USD cards for yourself and your employees
We collect information regarding the name, email address, and residential address of individuals who own up to 25% equity in your business. This information is relevant for the purpose of ensuring that we comply with our obligations for the prevention of financial crimes.
We also request information concerning the beneficiary of each transaction initiated by you at the time of the transaction. This includes their name and bank account information. You understand that it is your responsibility to obtain the consent of these third parties before disclosure.
In compliance with anti-money laundering requirements and for our business purposes, we collect information as to the records of transactions carried out by you on our platform. These data include records of the transfers made to our account for payout to your beneficiaries and the time the transfer was made.
We may collect information about how you interact with our Services including your IP address, your devices information, browser type, and activity logs.
We also keep records of your communications to us through our customer support channel and the information you submit to us through user surveys we may request you to complete from time to time.
We shall require your consent to enable us to collect and process and we will only collect and process after you have clicked on the “I Agree” option on this Notice. You agree to have consented to have consented to the collection, processing, storage, use and disclosures of each information which we have indicated that we collect under this Privacy Notice;
For other information we may require which are not expressly stated under this notice, we will request for your consent and authorisation before collection, storage and use;
You have the right to withdraw consent which has been given and you shall communicate the withdrawal of your consent to us clearly in writing. However, withdrawing consent previously given does not affect the legality of data processing that took place prior to the withdrawal and information collected prior to your withdrawal will be processed in accordance with the version of this Notice that was in place when you used our services
All data collected by us in your use of our services, will only be used for the purposes disclosed to you at the time of collection. Your information will not be used for any undisclosed or misrepresented purpose.
In order to utilise our services in Nigeria, we mandate our users to be corporate entities incorporated in the Federal Republic of Nigeria. As a result of this requirement, we collect the corporate information of our users to enable us verify that they are legally existing and in operation as proof that they meet our eligibility requirements. Additionally, such information helps us to ensure that we are not providing our services to non-Nigerian entities.
As participants in the financial services industry, we uphold stringent measures to prevent the misuse of our services for fraudulent purposes such as money laundering, terrorism financial, proliferation financing and other unlawful activities. For this purpose, we collect information relating to your business, personal information of your Beneficial Owners (BOs) and beneficiaries for screening against various public records and sanctions lists. Additionally, we retain transaction records as required by law to serve as vital support for law enforcement agencies during investigations.
To the extent permitted under the Nigeria Data Protection Regulation and the Data Protection Act, we rely on our legitimate business interests to process your data for the following reasons:
To provide our services to you;
To process and fulfil your requests for sending money to the beneficiaries;
To communicate with you, respond to your inquiries and provide customer support;
Detect, monitor, and prevent fraud;
To enhance our user experiences and troubleshoot technical issues
Manage, operate, and improve the performance of our services and our platforms;
Protect you, our services, and our platform from malicious activity and other privacy and security risks;
Enable network and information security throughout our platform and services;
Investigate any misuse of our services or our platform in accordance with our terms of use;
To conduct record keeping and otherwise manage our business;
For any other purpose with your consent
We collect information when:
You onboard on our platform to use our services;
You carry out any transaction through our platform;
Communicate with us through our customer support channels
We employ cookies to monitor your local computer settings so as to detect unauthorised access. We may also expand our use of cookies to include the collection of additional data such as passwords, preferences, and other details as improvements are made on our services.
We shall grant you an opportunity to either accept or reject cookies used on our browsers. However, if you choose to reject the cookies, you may not be able to access some functionalities and web pages on our site or mobile applications,
We shall, as much as reasonably within our abilities, not collect information that identifies any of our Customers personally unless the Customer has provided some personal information to us before then.
If you would prefer not to accept cookies, most browsers will allow you to:
Disable existing cookies;
Set your browser's settings to automatically reject cookies
During the course of our business relationship with you, we may share your personal information with the following persons and for the following reasons:
Service providers: we engage the service of trusted third-party service providers to assist us in delivering our Services, and they include; identity verification service providers, fraud prevention service providers, and web hosting services for the routine maintenance of our software systems. These service providers are bound by contractual obligations to keep your information confidential and secure.
Mandatory disclosures to legal or regulatory authorities: we may disclose your information if required to do so by a legal or regulatory authority, or in response to a valid legal request or court order.
Business partners: we have business partners for the purpose of providing one or more components of our services to you. We may disclose your information to them for the purpose of providing our services to you and to assist them in complying with their obligations under the law.
We maintain organisational, technical and administrative measures designed to protect your personal data against unauthorised access, disclosures, alteration, misuse and destruction;
We use secured web services that have been configured to run within a virtual private connection and an SSL certificate to make sure that all communications are made over HTTPs SFTP using SSL. We shall also use our best endeavours to safeguard the confidentiality and security of your personal data however, please note that no method of transmission over the internet is completely secure therefore, we cannot assure you of an absolute security of your data;
We will retain your data for as long as you use our services and access our platform;
All information collected on our platforms using Amazon Web Services (AWS). Access to this information is restricted to employee responsible for screening;
However, for legal and regulatory compliance reasons, we will retain your personal data for an additional period of seven years after the termination of the relationship between us;
During this period, you may exercise your right to be forgotten/erasure/deletion by requesting that we delete your data before and we may do so immediately upon your request:
When no statutory provision states otherwise;
When after inquiry we can ascertain that you are not subject to an investigation or lawsuit that may require the retention of the data sought to be deleted;
Also, we may retain your data stored in our database , after you request that we delete it if:
We have a legal obligation to retain it;
It is necessary to retain such information for fraud prevention and to enhance the safety of our users.
We may transfer your data to our partners in the US or UK for the purpose of providing the services to you. This transfer will only be made after we have ascertained that our partners have implemented adequate security measures to ensure the protection of your data.
You have the following rights in relation to you data held by us
The right to have access to your personal data
The right to be informed about the processing of your personal data
The right to rectify any inaccurate personal data or any information about you.
The right to review, modify or erase any personal data and any information we have about you. This is referred to as your right to be forgotten.
The right to restrict the processing of your personal data
The right to block the processing of your personal data that is done in violation of any applicable law.
The right to be informed about any erasure or rectification of your personal data or restriction of any [processing carried out.
The right to the portability of your personal data; and
The right to lodge a complaint to a supervisory authority within Nigeria.
At your request, we will provide the personal data held by us in a structured manner, commonly used and machine-readable format;
We will restrict you from transmitting those data in our database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means;
To exercise any of your rights under this Notice, you may contact us through the email address provided under this Notice. However, please note that we may request that you complete a form and provide suitable identifications to verify your identity. Once the form is completed where required, we will provide you with the requested information within a period not exceeding two months. However, we have a right to refuse your request where we notice that the request is repetitive or excessive;
Please note that your right to the erasure of your data does not apply to legal necessities like invoices, audit logs, subscription information, and the data archived on our backup systems. For such data, we shall securely isolate and protect their users from any further processing;
Where any of the rights as provided for under this Notice is breached, the resolution shall be in accordance with the dispute resolution mechanism in our Terms of use.
Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected Personal Data from a child, we will take prompt steps to delete such information from our records.
This Notice is made pursuant to the Nigeria Data Protection Regulations, (NDPR) and the Nigeria Data Protection Act.
Any part of this Notice found to be inconsistent with the provisions of the above mentioned enactments shall be deemed severed. However, such severance shall not affect that legality or enforceability of the other parts of this Notice.
If you have any questions, requests, or concerns regarding this Notice or our data practices, please contact us at legal@getcleva.com.