PERSONAL INFORMATION COLLECTED AND COLLECTION METHODS
Personal information refers to data that could identify a specific individual such as names, addresses, e-mail addresses, and telephone numbers.
Depending on your medium of interaction with Wema Bank, we collect various types of information from you, as described below.
- Personal/Contact details (name, date of birth, passport information or other identification information phone number, email address, postal address, or mobile number), Biometric information (fingerprints, facial recognition, or voice recognition) or Information about your family and social circumstances (such as dependents, marital status, next of kin and contact details) will be collected on the bank mobile banking applications, social media, calls, SMS or interactions with our relationship management officers during account opening or account update.
- Transactional details will be requested when payment is made or when payment-related complaints are made. Also, visual images and personal appearance (such as copies of passports or CCTV images) will be requested for when there is a complaint made against the bank’s application or services rendered.
- Medical information (results of urine, blood, and X-ray analysis), Education and employment information will be requested from new staff during the onboarding process.
- Financial information (bank account number, debit card numbers, financial history) including information you provide to deliver payment initiation services and account information services regarding accounts you hold with other providers.
CONDITION FOR PROCESSING PERSONAL DATA
Wema Bank personnel or any third party acting on its behalf shall only process your personal data if at least one of these conditions are met:
- Consent: this refers to any freely given, specific, informed, and unambiguous indication through a statement or a clear affirmative action that signifies your agreement to the processing of your Personal Data by Wema Bank. Wema Bank does not intend to seek consent that may engender direct or indirect propagation of atrocities, hate, criminal acts, and anti-social conducts.
- Contract: processing is necessary for the performance of a contract or entering into a contract at your request.
- Legal obligation: processing is necessary for compliance with a legal obligation to which Wema Bank is subject.
- Vital interest: processing is necessary to protect your vital interests or those of another natural person.
- Public interest: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Wema Bank.
HOW WE USE YOUR PERSONAL DATA
To the extent permissible under applicable law, we may use your information for the following legitimate actions:
- Providing and operating the products and services you have requested.
- For other related purposes may include updating and enhancing Wema Bank records, understanding your financial needs, conducting credit checks, reviewing creditworthiness, and assisting other financial institutions to conduct credit checks.
- Identifying and informing you about other products or services that we think may be tailored to suit your interest.
- Reviewing credit or loan eligibility
- For crime/fraud prevention and debt collection purposes
- To plan, conduct, and monitor Wema Bank’s business.
- For improving the design and marketing of our range of services and related products for customer use.
- Compare information for accuracy and verify it with third parties/publicly available information.
- Manage our relationship with you.
- To monitor, carry out statistical analysis and benchmarking to identify potential markets and trends, evaluate and improve our business.
- Monitor activities at our facilities, including compliance with applicable policies.
- To comply with and enforce applicable legal and regulatory requirements, relevant industry standards, contractual obligations, and our policies.
Without your personal information, we may not be able to provide or continue to provide you with the products or services that you need.
TRANSFER OF PERSONAL DATA
Personal data collected by Wema Bank may be transferred among its various divisions (with personnel who have business need to know). Other than to those individuals and entities listed below, your details will not be revealed by Wema Bank to any external body unless Wema Bank has your permission or is under either a legal obligation or any other duty to do so. For the purposes detailed above, your information may be disclosed to:
- Other Branches or Companies in the Wema Group (i.e., Wema Bank PLC, its subsidiaries, and affiliates).
- Any regulatory, supervisory, governmental, or quasi-governmental authority with jurisdiction over Wema Group members.
- Any agent, contractor or third-party service provider, professional adviser, or any other person under a duty of confidentiality to the Wema Group.
- Credit reference agencies and, in the event of default, debt collection agencies.
- Any actual or potential participant or sub-participant in, assignee, novate or transferee of any of the Wema Group’s rights and/or obligations in relation to you.
- Any financial institution with which Wema Bank PLC has or proposes to have dealings.
The above disclosures may require the transfer of your information to parties located in countries that do not offer the same level of data protection as your home country. However, Wema Bank PLC will ensure that the parties to whom your details are transferred treat your information securely and confidentially by implementing appropriate organizational and technical measures have been implemented to keep your Personal Information/Data confidential and secure. This includes the use of encryption, firewalls physical and environmental access controls, adequate authentication and authorization access controls, and other forms of security to ensure that your data is protected.
TRANSFER TO A FOREIGN COUNTRY
Any transfer of personal data which are undergoing processing or intended for processing after transfer to a foreign country or to an international organization shall take place subject to the other provisions of this Regulation and the supervision of the Honorable Attorney General of the Federation (HAGF). Accordingly:
- a transfer of personal data to a foreign country or an international organization may take place where the Agency has decided that the foreign country, territory, or one or more specified sectors within that foreign country, or the international organization in question ensures an adequate level of
- the HAGF shall take into consideration the legal system of the foreign country particularly in the areas of rule of law, respect for human rights and fundamental freedom, and relevant legislation, both general and sectoral, including public security, defense, national security, and criminal and access of public authorities to personal data.
- implementation of such legislation, data protection rules, professional rules, and security measures, including rules for the onward transfer of personal data to another foreign country or international organization which are complied with in that country or international organization, case- law, as well as effective and enforceable Data Subject rights and effective administrative and judicial redress for the Data Subjects whose personal data are being
- the existence and effective functioning of one or more independent supervisory authorities in the foreign country or to which an international organization is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the Data Subjects in exercising their rights and for cooperation with the relevant authorities Nigeria; and
- the international commitments of the foreign country or international organization concerned have entered, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in relation to the protection of personal
EXCEPTIONS IN RESPECT OF TRANSFER TO A FOREIGN COUNTRY
In the absence of any decision by the Agency or HAGF as to the adequacy of safeguards in a foreign country, a transfer, or a set of transfers of personal data to a foreign country or an international organization shall take place only on one of the following conditions:
- You have explicitly consented to the proposed transfer after having been informed of the possible risks of such transfers due to the absence of an adequacy decision and appropriate safeguards and that there are no
- The transfer is necessary for the performance of a contract between you and the Controller, or the implementation of pre-contractual measures taken at your
- The transfer is necessary for the conclusion or performance of a contract concluded in your interest between the Controller and another natural or legal
- The transfer is necessary for important reasons for public
- the transfer is necessary for the establishment, exercise, or defense of legal claims.
- The transfer is necessary to protect your vital interests or of other persons, whom you are physically or legally incapable of giving
Provided, in all circumstances, that you shall be manifestly made to understand through clear warnings of the specific principle(s) of data protection that are likely to be violated in the event of transfer to a third country. This proviso shall not apply to any instance where the Data Subject is answerable in duly established legal action for any civil or criminal claim in a third country.
HOW WE ENSURE THE PROTECTION OF YOUR PERSONAL DATA
We have implemented appropriate organizational and technical measures (including physical access controls and secure software and operating environments) to keep your Personal Data confidential and secure. Please note, however, that these protections do not apply to information you choose to share in public areas such as third-party social networks. Where we have provided you (or where you have chosen) with a password that grants you access to specific areas on our site, you are responsible for keeping this password confidential. We request that you do not share your pin, password, or other authentication details (e.g., token-generated codes) with anyone.
PERSONAL DATA BREACH NOTIFICATION
Wema Bank will inform relevant authorities and if necessary affected individuals of personal data breach within 72 hours of being aware of the breach, where Personal Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. Remedies shall include but not be limited to investigating and reporting to appropriate authorities, recovering personal data, correcting it, and/or enhancing controls around it.
Wema Bank Plc. would like to make sure you are fully aware of all your data protection rights. Every customer is entitled to the following:
- The rights to access - You have the right to request from Wema Bank for copies of your personal data where those requests are reasonable and permitted by law or regulation. We may charge you a fee for this service.
- The right to rectification - You have the right to request that Wema Bank correct any information you believe is inaccurate. You also have the right to request Wema Bank Plc. to complete information you believe is incomplete.
- The right to restrict processing - You have a right to ‘block’ or withdraw or revoke your consent to our processing of your information, which you can do at any time. When processing is restricted, we are permitted to store personal data, but not further process it.
- The right to erasure - You have the right to request the deletion or removal of personal data where there is no compelling legal or regulatory requirement for its continued processing. Wema Bank will make sure that this right is protected.
- The right to data portability - You have the right to request that the bank transfer the data that we have collected to another organization, or directly to you, under certain conditions. We will ensure that personal data is moved, copied, or transferred easily from one IT environment to another in a safe and secure way, without hindrance to usability.
- The right to refusal - You have the right to refuse the processing of your information if there are compelling legitimate grounds to do so and to the extent permitted by law or regulation.
To exercise your right(s), please contact the Data Protection Officer of Wema Bank at firstname.lastname@example.org.
You also have the right to:
- Receive your Personal Data in a commonly used and machine-readable format and the right to transmit these data to another Data Controller when the processing is based on (explicit) consent or when the processing is necessary for the performance of a contract.
- Lodge a complaint with the National IT Development Agency (NITDA) where you believe our processing of your data violates the requirements of the Nigeria Data Protection Regulation 2019 (NDPR).
AUTOMATED PROCESSING INCLUDING PROFILING
As a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or significantly affects you. We are committed to complying with this right under NDPR.
If we use automated decision-making, we will provide you with clear and concise information about the types of decisions that may be made and the potential impact on you. We will also implement appropriate safeguards to protect your rights and freedoms, such as ensuring that decisions are fair and transparent and that you have the right to challenge the decision or request human intervention.
We may use automated decision-making in the following circumstances:
- a) when it is necessary for entering into or performing a contract between you and Wema Bank.
- b) when it is authorized by law, subject to appropriate safeguards to safeguard your rights and freedoms; or
- c) when it is based on your explicit consent.
If you wish to exercise your right to object to automated decision-making, you can contact our data protection officer or privacy representative. We are committed to ensuring that your rights under NDPR are respected and that you have control over how your personal data is processed.
MACHINE LEARNING MODELS AND BUSINESS RULES SURROUNDING THE MODELS
The Bank’s Data Analytics team has in-house machine learning models further described below:
The Churn Model
This is a predictive classification model that measures the churn rate of the customers by segmenting these customers into different buckets based on some business rules using selected attributes of the customers as features.
THE PRODUCT RECOMMENDATION MODEL
This model takes one product at a time with respect to similarities between a customer and other customers using their common attributes. These attributes are inputs in building the model for recommending products to similar customers using user-based similarities.
CUSTOMER LIFETIME VALUE MODEL
This Is a predictive linear regression model that focuses majorly on the average balance of the customers in conjunction with the demographic and behavioral pattern of transactions of these customers in predicting the profitability of these customers.
This is a rule-based engine that segments the bank’s customers into different categories based on some business rules. This grouping was done based on Customer Segments (HNI, Affluent & Mass Market), demographic characteristics and customer behavior.
PERSONAL DATA RETENTION PERIOD
We take the privacy of your personal data seriously, and we will only retain it for as long as is necessary for the purposes for which it was collected. Once the purpose for which the personal data was collected has been fulfilled, we will destroy the personal data, unless retention is required to comply with legal, regulatory, or accounting requirements or to protect Wema Bank's interests.
We will provide you with clear and concise information about the retention periods for different types of personal data, and the criteria used to determine these periods. We regularly review our retention policies to ensure that personal data is not retained for longer than necessary.
Please note that regulations may require the Bank to retain your personal data for a specified period even after the end of your banking relationship with us. However, we will ensure that we comply with the applicable legal and regulatory requirements.
If you wish to exercise your right to request the deletion of your personal data, you can contact our data protection officer. We will consider your request carefully and will provide you with a clear and concise explanation of any circumstances where your request may be denied.
It's also important to note that it is your responsibility to maintain the secrecy of any user ID and login password you hold. This will help to ensure that your personal data is kept secure and confidential.
You are responsible for making sure the information provided to the Bank is accurate and should inform the Bank on any changes as it occurs, this will enable us to update your information with us.
Wema Bank respects the privacy of children. We do not knowingly collect names, email addresses, or any other personally identifiable information from children through the Internet or other touchpoints. We do not allow children under the age of 18 to open accounts nor provide online banking for children less than 18 years of age without the consent of a guardian. Our website may include linked 3rd party sites that would be of interest to children. We are not responsible for the privacy and security practices of these sites. Parents should review the privacy policies of these sites closely before allowing children to provide any personally identifiable information.
To maintain the security of our systems, protect our staff, record transactions, and, in certain circumstances, to prevent and detect crime or unauthorized activities, Wema Bank PLC reserves the right to monitor all electronic communications to make sure that they comply with our legal and regulatory responsibilities and internal policies.
In providing your telephone, facsimile number, postal and e-mail address, or similar details, you agree that Wema Bank PLC may contact you by these methods to keep you informed about Wema Bank products and services or for any other reason. If you prefer not to be kept informed of Wema Bank products and services, please contact Wema Bank PLC by E-mail (email@example.com) or through any of our branches.
Wema Bank reserves the right to amend its prevailing Data Protection and Privacy Statement at any time and will place any such amendments on our websites (www.wemabank.com, www.alat.ng, & outlet.alat.ng). The latest version of our privacy statement will replace all earlier versions unless it says differently. Please check back frequently to see any updates or changes to our Notice. This policy is not intended to, nor does it, create any contractual rights whatsoever or any other legal rights, nor does it create any obligations on Wema Bank PLC in respect of any other party or on behalf of any party.
If you have any further questions or comments about us or our policies, please do not hesitate to contact us.
Email us at: firstname.lastname@example.org
Call us: +234-803-900-3700.