Privacy Policy

Effective Date: June 8, 2025

1. Introduction

Credinova Microfinance Limited ("Credinova") has created this Privacy Policy to explain how Credinova collects, uses, discloses, and protects your Personal Data. You accept this Privacy Policy and consent to save, process, and use your Personal Data to the extent allowed by law when you provide us with details or click the "Accept" button. You have the right to withdraw your consent at any time, provided we do not have another legal basis to continue processing your Personal Data.

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, by adding a notice to our website or sending you an email. We encourage you to review this Privacy Policy whenever you interact with us to stay informed about our information practices and how you can help protect your privacy.

2. Collection of Information

We may collect and process the following information about you:

Information you provide directly (e.g., filling out contact or web forms, registering for alerts or updates).
Personal Data provided when signing up for a service or purchasing a product.
Data we obtain automatically (e.g., browser or device information, pages visited, traffic and location data).
Customer support interactions via phone, email, or chat.
[Optional surveys or research-related queries you may choose to respond to].

3. Use of Personal Data

We may use your Personal Data, including non-public Personal Data as follows:

Provide, maintain, and improve our services.
Process transactions and send related confirmations.
Verify identity and prevent fraud.
Send technical notices, updates, security alerts, and administrative messages.
Respond to comments, questions, and provide customer support.
Communicate offers, promotions, rewards, and events.
Monitor and analyse usage trends and activities.
Personalise content, features, and advertisements.
[Process contest or promotion entries and rewards].
Link or combine with data from other sources to better understand your needs.
Any other purpose for which the data was collected.

(Credinova Microfinance Limited) is based in Nigeria and the information we collect is governed by the Nigeria Data Protection Act (NDPA) and Regulations made thereto and Nigeria Data Protection Regulation (NDPR) as well as other regulations made hereunder; (together “Nigeria Data Protection Laws"). By accessing or using the Services or otherwise providing information to us,you consent to the processing and transfer of information in and to Nigeria [and other countries].

4. Disclosure of Information

(Credinova Microfinance Limited) only discloses Personal Data with other companies or individuals in the following limited circumstances:

We may provide such Personal Data to affiliated companies or other trusted businesses or persons for the purpose of processing Personal Data on our behalf. We require that these parties agree to process such Personal Data based on our instructions and in compliance with the Nigerian Data Protection Laws and any other appropriate confidentiality and security measures. When they no longer need your Personal Data to fulfil this service, they will dispose of the details in line with the Nigerian Data Protection Laws.
[With other third-parties such as email service providers that perform marketing services on [Name of Company]’s behalf].
With other non-affiliated companies for our everyday business purposes, such as to process transactions, maintain accounts, respond to court orders and legal investigations.
In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any applicable law, regulation or legal process.
With relevant law enforcement officials or other third parties, such as investigators or auditors, if we believe it is appropriate.
In connection with, or during negotiations of, any merger, sale of (Credinova Microfinance Limited) assets, financing or acquisition of all or a portion of our business to another company; and
With your consent or at your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you provide such Personal Data.
We may also share aggregated or de-identified or anonymized Information, which cannot reasonably be used to identify you.

When (Credinova Microfinance Limited) does not have a lawful basis for disclosure of your Personal Data, (Credinova Microfinance Limited) will obtain consent from you before sharing your Personal Data with third parties. Where Beyond Energy Resource Limited need to transfer your Personal Data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your Personal Data to a country without an adequate data protection law.

5. Security

(Credinova Microfinance Limited) takes reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, Beyond Energy Resource Limited implements policies designed to protect the confidentiality and security of your Personal Data, including a Data Protection Policy. [We have also taken measures to comply with provision of security facilities for the protection of your Personal Data through the set-up of firewalls, limited access to specified authorized individuals, encryption and continuous capacity building for relevant personnel. We therefore have digital and physical security measures to limit and eliminate possibilities of data privacy breach incidents].

6. How Long We Keep Your Personal Data

We retain your Personal Data only as long as necessary to fulfil the purposes outlined or to comply with legal, regulatory, or internal policy requirements.

7. Where We Store Your Personal Data

The Personal Data (Credinova Microfinance Limited) collects from you may be transferred to and stored at a destination outside Nigeria. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely with an appropriate level of protection and that the transfer is lawful.

8. Your Rights as a Data Subject

The law gives you certain rights in respect to your Personal Data Beyond Energy Resource holds about you. Below is a highlight of some of those rights. At any point while we are in possession of or processing your Personal Data, you, the Data Subject has the following rights:

Right of Access: You have the right to request a copy of the information that we hold about you. We will respond to your access request within one-month of receiving your request. Where we are not able to provide this personal data to you within the One-Month timeline provided by the Nigerian Data Protection Laws, we will communicate same to you, and may request an additional time within which we will provide the information to you. Your Personal Data shall be provided to you in a structured, commonly used and machine-readable format.
Right to Rectify: You have the right to correct the Personal Data we hold about you that is inaccurate.
Right to Be Forgotten: In certain circumstances you may ask for the data we hold about you to be erased from our record.
Right to Restrict Processing: Where certain conditions apply, you have a right to restrict processing of your Personal Data.
Right to Portability: You have the right to have your Personal Data transferred to another organisation.
Lodge Complaint: You have a right to lodge a complaint about the handling of your Personal Data with the Nigeria Data Protection Commission (NDPC) at https://ndpc.gov.ng/
Right to Object: You have the right to object to the Processing of Personal Data.

NDPC’s website ( https://ndpc.gov.ng/) has a wealth of useful information in respect of your rights over your Personal Data. If you wish to exercise your rights, you may contact our Data Protection Officer at [email protected].

9. Breach / Privacy Violation

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, Beyond Energy Resource Limited shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to the Commission.

Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we shall within 7 (Seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.

10. Questions or Concerns

If you have any questions or concerns about this policy, contact us at [email protected].