Fortis Mobile Money.
The Data Protection Officer (DPO) for Fortis Mobile Money is in charge of making sure that this document is accurate and current. The DPO also makes sure that individuals are properly informed before the organization collects and processes their personal information, including information obtained through the website of Fortis Mobile Money. Each and every member of the Fortis Mobile Money team who deals with personal data must be sure to abide by the guidelines outlined in this policy document.
Fortis Mobile Money is dedicated to maintaining the security and privacy of our personal information. We are in charge of deciding how we store and utilize the personal data of our data subjects. Fortis Mobile Money is required by the Nigeria Data Protection Regulation (NDPR) to inform data subjects of the information in this document.
Why We Need the Data
Fortis Mobile Money makes sure that the personal data it collects and processes is essential for the purposes for which it was obtained and does not gather or process more information than is reasonably necessary for a given processing activity.
Legal Grounds for Processing
Fortis Mobile Money identifies, establishes, defines, and documents the specific purpose of processing and the legal basis for processing personal data (including any special categories of personal data processed) before any processing operation takes place under:
· Consent obtained from the data subject;
· Performance of a contract where the data subject is a party;
· Legal obligation that the organisation is required to meet;
· Protect the vital interests of the data subject, including the protection of rights and freedom of the Data Subject
· Official authority of the organisation or to carry out the processing that is in the public interest;
· National law such as biometric data.
Where apllicable, Fortis Mobile Money will require the explicit consent of customers, visitors, and other relevant stakeholders to process collected personal data.
On this ground, if any data subject (customer, client, visitor, vendor, staff, or third party) does not agree to Fortis Mobile Money collecting and processing their personal data, such individual is not allowed to enjoy the organisation’s service(s) where applicable.
If, for any reason, the organisation is requesting sensitive personal data from its stakeholders (external and internal), the individuals will be rightly notified why and how the information will be used.
Where processing relates to a child under 18 years old, as in the case of NDPR or 16 years in the case of GDPR, Fortis Mobile Money shall demonstrate that consent has been provided by the person who holds parental responsibility over the child Fortis Mobile Money shall demonstrate that reasonable efforts have been made to verify the age of the child and establish the authenticity of the parental responsibility taking into consideration available technology.
Withdrawal of Consent
Irrespective of initial consent given, an individual can withdraw their consent at any time by making a withdrawal of consent request.
Fortis Mobile Money demonstrates the data subject (customer, client, visitor, vendor, staff, or third party) has withdrawn consent to the processing of his or her personal data with a Withdrawal of Consent form. Where the processing has multiple purposes, Fortis Mobile Money will also demonstrate withdrawal of consent for each purpose as recorded in the Withdrawal of Consent Form.
For child consent, Fortis Mobile Money shall demonstrate that the holder of parental responsibility over the specified child has withdrawn consent using a Parental Consent Withdrawal form. The organisation will also demonstrate that reasonable efforts have been made to establish the authenticity of the parental responsibility, when withdrawing consent for the specified child, considering available technology.
Where applicable, the Data Protection Officer will inform the relevant process owner of this change, and the processing activities that relied upon the consent is stopped immediately, in accordance with the relevant process.
The website for Fortis Mobile Money employs both functional cookies (which enable the company to “remember” the user’s choices and preferences and expire when you close your web browser) and performance/analytical cookies (which enable the company to gather specific information about how a visitor/user navigates the sites and remain on your device until you delete them).
Fortis Mobile Money may use the information we obtain from your use of our cookies to:
· Recognize your computer when you visit our website,
· Track you as you navigate our website,
· Improve the website’s usability (including our Live Chat application to answer questions you have in real time,
· Analyze the use of our website – such as how many people visit us each day, and
· Manage the website
Users can disable cookies and prevent the setting of cookies by adjusting the settings on their browser. However, this is not recommended, as disabling cookies may also disable certain functionality and features of the site.
With the exception of circumstances in which the organization may be required to divulge personal data of individuals in accordance with a legal obligation in response to inquiries from governmental authorities or law courts on matters involving national security or law enforcement requirements, Fortis Mobile Money will not disclose its data subjects’ personal information to third parties without their prior consent.
In situations where the processing of personal data will involve investigation of potential violations of the organisation’s Terms of Service, fraud prevention/mitigation, security issues management, and the preservation of the rights and freedom of staff, customers, and clients, the organisation shall establish an appropriate legal ground for such data transfers.
Fortis Mobile Money has put in place, to the best of its ability and in line with standard global practices, physical, technical, and organisational measures (including secure encryption and anonymisation) to ensure the optimum protection of personal data, which also extends to data transferred or shared with third-parties.
Fortis Mobile Money may also engage third parties abroad (such as other organisations, contractors, government-authorised agencies, etc.) that will receive personal data for certain purpose(s) as part of the organisation’s processing activities and process them on the organisation’s behalf. Where this is the case, the organisation will enter into a Data Processing Agreement with the third party and also ask for your consent if the purpose of processing was not initially stated on inception and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorised access, use, disclosure, loss, or destruction.
In such a case where the disclosure is to third parties outside the jurisdiction of the NDPR, Fortis Mobile Money will ensure that the third party meets the core global regulatory standards prior to the transfer. This may include transferring the personal data to the third party where the organisation is satisfied that:
· the country of the recipient has adequate data protection controls established by legal or self-regulatory regime. However in a case not covered by an adequacy decision from the NDPB;
· It has a contract in place that uses existing or approved data protection clauses to ensure adequate protection
· It is making the transfer under approved binding corporate rules
· Provisions inserted into administrative arrangements between public authorities or bodies authorised by the supervisory authority NDPB.
Fortis Mobile Money stores a broad spectrum of personal information, which indicates that retention periods differs with the type of data collected and stored. All information Fortis Mobile Money holds is stored and retained, stored and destroyed in compliance with NDPR’s guideline on the retention of records and personal data.
Fortis Mobile Money will retain your personal data as long as the information is active on the organisation’s systems and neccesary for the organisation’s service delivery purposes. This retention period is verified and established with special considerations to the following areas:
· The requirements of the organisation
· The type of personal data
· The purpose of processing
· Lawful basis for processing
· The categories of data subjects
Details of the Fortis Mobile Money’s personal data retention periods for the different categores of personal data is captured in the Records of Processing Activities document (internal document)
This retention period is established to enable the organisation use the personal data for the necessary legitimate purposes identified, in full compliance with the regulatory requirements. When the personal data is no longer needed or beyond the stipulated retention period, Fortis Mobile Money will delete or detroy it from it’s systems and records, or take steps to securely archive it while protecting your identity and privacy rights as the case may be.
At any point while Fortis Mobile Money is in possession of or processing personal data, the data subject, has the right to:
· Request a copy of the information that the organisation holds about them
· Correct the data that is inaccurate or incomplete
· Ask for their data to be erased from the organisation’s systems/records
· Restrict processing of their personal data where certain conditions apply
· Have their data transferred to another organisation
· Object to certain types of processing like direct marketing
· Object to automated processing like profiling, as well as the right to be subject to the legal effects of automated processing or profiling
· Complain and pursue judicial review in the event that the organisation refuses their request under rights of access without a clear and justifiable reason as to why
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
If for any reason a vendor/contractor, customer, or staff wishes to make a complaint about how Fortis Mobile Money (or any of the organisation’s third parties) handles or have handled their personal data, or how their complaint has been handled, they have the right to lodge a complaint directly with the supervisory authority and Fortis Mobile Money Data Protection Officer.
Privacy Contact Information
· Fortis Mobile Money