2.1

We will only collect and process your data based on consent and for each information we indicate that we collect under the Notice, you agree to have consented to their collection, processing, storage, use and disclosures.

2.2

For other information we may require which are not expressly stated under this notice, we will request for your consent and authorisation before collection, storage and use;

2.3

We provide you with the option to accept this Notice by clicking on the “Accept” button on our platform. When you withdraw your consent after using our service, information collected prior to your withdrawal will be processed in accordance with the version of this Notice that was in place when you used our services

2.4

All data collected by us in your use of our services, will only be used for the purposes disclosed to you at the time of collection. Your information will not be used for any undisclosed or misrepresented purpose.

3.1

We collect your information to provide you with our suite of services and to enhance your experience on our platform.

3.2

We collect the following categories of information:

3.2.1

Onboarding Information

To enable us to fulfil Customer Due Diligence (“CDD”) requirements while onboarding you on our platform, we will request for certain information from you which is necessary to assess your eligibility and to fulfil the requisite CDD requirements. This information encompasses details such as your company name, business address, employer identification number and the intended utilisation of our services, which may include:

3.2.1.1

send money to the US

3.2.1.2

send money to Nigeria

3.2.1.3

open a United States Dollars (USD) account

3.2.1.4

create USD cards for yourself and your employees

3.2.2

Personal information

We collect information regarding the name, email address, and residential address of control persons and individuals who own up to 25% equity in your business. This information is relevant for the purpose of ensuring that we comply with our obligations for the prevention of financial crimes.
We also request information concerning the beneficiary of each transaction initiated by you at the time of the transaction. This includes their name and bank account information. You understand that it is your responsibility to obtain the consent of these third parties before disclosure.

3.2.3

Transaction records

In compliance with anti-money laundering requirements and for our business purposes, we collect information as to the records of transactions carried out by you on our platform. This data includes records of the transfers made to our account for payout to your beneficiaries and the time the transfer was made.

3.2.4

Usage Information

We may collect information about how you interact with our Services including your IP address, your devices information, browser type, and activity logs.
We also keep records of your communications to us through our customer support channel and the information you submit to us through user surveys we may request you to complete from time to time.

4.1

Eligibility check for onboarding

To use our services, Users must be corporate entities duly incorporated under their local laws . Consequently, we collect corporate information (including details of control persons and beneficial owners) to verify that these entities are legally established, operational, and meet our eligibility requirements. Additionally, we verify the identities of the individuals behind these corporate entities.

4.2

Regulatory compliance obligations

As participants in the financial services industry, we uphold stringent measures to prevent the misuse of our services for fraudulent purposes such as money laundering, terrorism financial, proliferation financing and other unlawful activities. For this purpose, we collect information relating to your business, personal information of your Beneficial Owners (BOs) and beneficiaries for screening against various public records and sanctions lists. Additionally, we retain transaction records as required by law to serve as vital support for law enforcement agencies during investigations.

4.3

Legitimate business interests

To the extent permitted under the Nigeria Data Protection Regulation and the Data Protection Act, we rely on our legitimate business interests to process your data for the following reasons:

4.3.1

To provide our services to you;

4.3.2

To process and fulfil your requests for sending money to the beneficiaries;

4.3.3

To communicate with you, respond to your inquiries and provide customer support;

4.3.4

Detect, monitor, and prevent fraud;

4.3.5

To enhance our user experiences and troubleshoot technical issues

4.3.6

Manage, operate, and improve the performance of our services and our platforms;

4.3.7

Protect you, our services, and our platform from malicious activity and other privacy and security risks;

4.3.8

Enable network and information security throughout our platform and services;

4.3.9

Investigate any misuse of our services or our platform in accordance with our terms of use;

4.3.10

To conduct record keeping and otherwise manage our business;

4.3.11

For any other purpose with your consent

4.4

Your consent

One of the basis on which we process your Personal Information is your consent where you agree to us collecting your Personal Information by using our Services.You also have the choice at any time to withdraw consent which you have provided

5.1

We collect information when:

5.1.1

You onboard on our platform to use our services;

5.1.2

You carry out any transaction through our platform;

5.1.3

Communicate with us through our customer support channels

We share your User Information for a number of purposes:

6.1

With our partner banks in order to comply with regulations and the bank’s regulatory obligations;

6.2

With third parties party service providers that performs services on our behalf as needed to carry out their work for us, which may include providing the following services: tax and accounting, fraud prevention services, identity verification, services, web hosting, customer and support services or analytics services;

6.3

Third parties, to investigate fraud inside or outside our Services;

6.4

To card networks in case you are issued a card by our partner banks;

6.5

To independent external auditors or other service providers around the world;

6.6

To support our audit, compliance and corporate governance functions;

6.7

In connection with change of ownership or control of all or part of our business, such as a merger, acquisition, reorganization or bankruptcy;

6.8

For our everyday business purposes such as processing your transactions, maintaining your accounts or reporting to regulatory authorities;

6.9

Third parties at your request;

6.10

Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to:

• Comply with the law and the reasonable requests of the law enforcement;
• With regulators and self-regulatory bodies to which we are subject, wherever we do business
• Enforce our Terms of Use or to protect the security or integrity of our Services and or;
• Exercise or protect the rights, property or personal safety of Cleva or other User;
• Protect against legal liability
• If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order);
• In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
• Between and among Cleva and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
• As we believe reasonably appropriate to protect the rights, privacy, safety, or property of you, Developers, our partners, and others; or
• For any other notified purpose with your consent.
6.11

We do not sell or rent personal information that we collect.

7.1

Cookies are text files with small pieces of data sent to your device to enable us to store information about you when you browse on our website if you agree.

7.2

We employ cookies to monitor your local computer settings so as to detect unauthorized access. We may also expand our use of cookies to include the collection of additional data such as passwords, preferences, and other details as improvements are made on our services.

7.3

We shall grant you an opportunity to either accept or reject cookies used on our browsers. However, if you choose to reject the cookies, you may not be able to access some functionalities and web pages on our site or mobile applications.

7.4

We shall, as much as reasonably within our abilities, not collect information that identifies any of our Customers personally unless the Customer has provided some personal information to us before then.

7.5

If you would prefer not to accept cookies, most browsers will allow you to:

7.5.1

Disable existing cookies;

7.5.2

Set your browser's settings to automatically reject cookies

During the course of our business relationship with you, we may share your personal information with the following persons and for the following reasons:

8.1

Service providers: we engage the service of trusted third-party service providers to assist us in delivering our Services, and they include: regulated financial institutions, identity verification service providers, fraud prevention service providers, and web hosting services for the routine maintenance of our software systems. These service providers are bound by contractual obligations to keep your information confidential and secure.

8.2

Mandatory disclosures to legal or regulatory authorities: we may disclose your information if required to do so by a legal or regulatory authority, or in response to a valid legal request or court order.

8.3

Business partners: we have business partners, including regulated financial institutions, for the purpose of providing one or more components of our services to you. We may disclose your information to them for the purpose of providing our services to you and to assist them in complying with their obligations under the law.

9.1

We maintain organisational, technical and administrative measures designed to protect your personal data against unauthorised access, disclosures, alteration, misuse and destruction;

9.2

We use secured web services that have been configured to run within a virtual private connection and an SSL certificate to make sure that all communications are made over HTTPs SFTP using SSL. We shall also use our best endeavors to safeguard the confidentiality and security of your personal data however, please note that no method of transmission over the internet is completely secure therefore, we cannot assure you of an absolute security of your data;

9.3

We will retain your data for as long as you use our services and access our platform;

9.4

All information collected on our platforms using Amazon Web Services (AWS). Access to this information is restricted to employee responsible for screening;

9.5

However, for legal and regulatory compliance reasons, we will retain your personal data for an additional period of seven years after the termination of the relationship between us;

9.6

During this period, you may exercise your right to be forgotten/erasure/deletion by requesting that we delete your data before and we may do so immediately upon your request:

9.6.1
When no statutory provision states otherwise;
F
9.6.2

When after inquiry we can ascertain that you are not subject to an investigation or lawsuit that may require the retention of the data sought to be deleted;

9.7

Also, we may retain your data stored in our database , after you request that we delete it if:

9.7.1

We have a legal obligation to retain it;

9.7.2

It is necessary to retain such information for fraud prevention and to enhance the safety of our users.

We may transfer your data to our partners in the US or UK for the purpose of providing the services to you. This transfer will only be made after we have ascertained that our partners have implemented adequate security measures to ensure the protection of your data.

11.1

You have the following rights in relation to you data held by us

11.1.1

The right to have access to your personal data

11.1.2

The right to be informed about the processing of your personal data

11.1.3

The right to rectify any inaccurate personal data or any information about you.

11.1.4

The right to review, modify or erase any personal data and any information we have about you. This is referred to as your right to be forgotten.

11.1.5

The right to restrict the processing of your personal data

11.1.6

The right to block the processing of your personal data that is done in violation of any applicable law

11.1.7

The right to be informed about any erasure or rectification of your personal data or restriction of any processing carried out

11.1.8

The right to the portability of your personal data; and

11.1.9

The right to lodge a complaint to a supervisory authority within your country of residence.

11.2

At your request, we will provide the personal data held by us in a structured manner, commonly used and machine-readable format;

11.3

We will restrict you from transmitting those data in our database to another company where the processing is based on consent, on a contract, and processing is carried out by automated means;

11.4

To exercise any of your rights under this Notice, you may contact us through the email address provided under this Notice. However, please note that we may request that you complete a form and provide suitable identifications to verify your identity. Once the form is completed where required, we will provide you with the requested information within a period not exceeding two months. However, we have a right to refuse your request where we notice that the request is repetitive or excessive;

11.5

Please note that your right to the erasure of your data does not apply to legal necessities like invoices, audit logs, subscription information, and the data archived on our backup systems. For such data, we shall securely isolate and protect their users from any further processing;

11.6

Where any of the rights as provided for under this Notice is breached, the resolution shall be in accordance with the dispute resolution mechanism in our Terms of use.

Children’s Privacy Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected Personal Data from a child, we will take prompt steps to delete such information from our records.

13.1

This Notice is made pursuant to applicable data protection laws and regulations, including but not limited to the United States' data protection laws, United Kingdom's General Data Protection Regulation (UK GDPR), Nigeria Data Protection Regulations (NDPR), and the Nigeria Data Protection Act.

13.2

Any part of this Notice found to be inconsistent with the provisions of the above mentioned enactments shall be deemed severed. However, such severance shall not affect that legality or enforceability of the other parts of this Notice.

Where any of your rights as provided for under this Notice is breached, resolution shall be in accordance with the provision of our Terms of Use, provided that you can only apply for a remedy within a period of 2 years within which the breach occurred. If you have any questions or complaints about the Terms or our privacy practices generally, you can contact us at legal@getcleva.com.

If you have any questions, requests, or concerns regarding this Notice or our data practices, please contact us at legal@getcleva.com.