TABLE OF CONTENTS

PRIVACY POLICY

Last updated March, 2022

1. INTRODUCTION

Kredete is a platform that provides a simplified model for managing finances. We offer free credit scores, reports, and credit monitoring to help users improve their financial health and understand their credit standing. This Privacy Notice (the “Notice”) guides your use of our Website: https://www.kredete.com/ (the “Website”)and your rights regarding our collection, use, storage, and protection of your personal data when you visit, access, browse through, and/or use our Website or Services. Your privacy is important to us.

2. TERMS OF USE

You are required to comply with the provisions of our Terms of Use in relation to the information provided.

3. YOUR PERSONAL DATA THAT WE PROCESS

Personal data means any information about an individual from which that person can be directly or indirectly identified. In connection with the services we provide, we collect personal and financial information from you while you use our products and services and when you create an account or sign in to our Website. We may ask you to provide us with certain personal data to contact or identify you, and some may be collected automatically for our Website to function effectively. We also collect personal data when you provide feedback and/or report a problem. We do not consider personal data to include information that has been made anonymous such that it does not identify a specific user.

The personal data we obtain include:

First and last name

The domain name of the Internet service provider (ISP)

Email address

The Internet protocol (IP) address used to connect your device to the Internet for identification purposes

Phone number

Device data

Account details (including username and password)

Web pages visited, duration and frequency of visit

Transactional data (information relating to payment)

Date and time of your visits

Financial information (which may include ATM card details, Bank Verification Number (BVN), credit worthiness, etc.)

Location data

Marketing and communications data (includes both a record of your decision to subscribe to our newsletter or to withdraw from receiving marketing materials from us)

4. COOKIES

Cookies are tools used to collect information automatically from you when you visit a website. You can read our cookie notice here.

5. LAWFUL BASES FOR PROCESSING DATA

We are required to process your data under at least one of these lawful bases:

a. Legitimate interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not outweigh those interests.

b. Consent: You have given explicit consent for us to process your data for a specific purpose.

c. Contract: If your data processing is necessary for a contract you have with us or because we have asked you to take specific steps before entering into that contract.

d. Legal obligation: If the processing of your data is necessary where there is a statutory obligation on us.

6. PURPOSE OF PROCESSING YOUR DATA AND THE LAWFUL BASIS

We collect your data to:

Purpose of Processing

▪ To administer our business.
▪ To help us to develop, improve, customise or restructure our services.
▪ To enforce our terms of service and any terms and conditions of any other agreements for our services.

Legitimate interest, contract

▪  To take statistical data and analytics for our use internally.
▪  To send you service-related messages.
▪ To analyse Site usage and provide, maintain and improve the content and functionality of the Site.

Legitimate interest

Consent

▪  To secure your data and prevent fraud.

Legitimate interest, legal obligation

▪  To create and manage your account.
▪  To communicate with you.
▪  To address your inquiries, process your registration, and complete your transactions.
▪  To enable an easy and effective payment system.

Contract

▪  To inform you whenever there are changes to our terms of business or services.

Legal obligation, contract

▪  To fulfil our Know Your Customer (KYC) obligation.
▪  To interact with regulatory authorities or other public authorities concerning you.

Legal obligation

7. YOUR RIGHTS AS A DATA SUBJECT

The law vests you with certain rights as a data subject. They include the right to:

a. access personal data we hold about you by requesting a copy of the personal data we hold about you; b. rectify such information where you believe it to be inaccurate; c. restrict the processing of your data in certain circumstances; d. object to the processing of your data where we intend to process such data for marketing purposes; e. where feasible, receive all personal data you have provided to us —in a structured, commonly used, and machine-readable format—and transmit the information to another data controller; f. request the erasure of your data (also known as the right to be forgotten); g. withdraw your consent to the processing of your personal data; and h. lodge a complaint with a relevant authority, where you have reason to believe that we have violated the term(s) of this Privacy Notice. (You may complain or seek redress from us within 30 days fromthe time you first detected the alleged violation).

You may seek to exercise any of the above rights at any time by sending an email to us at: [...].
The supervisory authority is the Nigerian Data Protection Bureau (NDPB), and you may choose to lodge a complaint via email at info@ndpb.gov.ng.

8. WHO WE SHARE YOUR DATA WITH

We may share your data with the following third parties:

Third parties

Webflow

We use Webflow for hosting and maintaining our website. Read Webflow’s privacy notice here.

Stripe

We use Stripe to process your payment if you make purchases. Read Stripe’s privacy notice here

Google

We use Google services for our website’s operation. Read Google’s privacy notice here

AWS

We use AWS cloud services for our website’s data storage. Read AWS privacy notice here.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Financial institutions

We collaborate with various financial institutions to create and offer our product, and we may only use this information to market our related products unless the customer has given consent for other uses.

Legal and Regulatory Authorities

We may disclose your information if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, or audit, or to protect any person's safety, or to address fraud, security, or technical issues.

Note that if you wish to prevent your device’s operating system from sharing your personal data with Kredete Inc. or with the third parties mentioned for profiling purposes, you can do so by setting up your device appropriately — namely, by changing the privacy settings on your device to disable/restrict any advertising tracking features. For more information on this, please see the following links:

iOS Devices: https://support.apple.com/en-us/HT202074
Android Devices: https://support.google.com/ads/answer/2662922?hl=en

9. RETENTION OF YOUR DATA

The data and any other information we collect from you will be stored for as long as necessary to fulfil the purposes described in this Notice. However, we will retain data subject to relevant provisions of applicable laws in order to resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. Furthermore, once you unsubscribe from our marketing communications, we delete your data for targeted marketing purposes. Please keep in mind that your data may be kept for a longer period of time despite your request to have it removed if there is a legal requirement to do so.

10. HOW DATA IS STORED AND SECURED

We are very particular about preserving your privacy and protecting your data. We deploy reasonable and appropriate technical and organisational measures to keep your data safe. However, we cannot completely guarantee the security of any information you transmit via our website, as the internet is not an entirely secure place. Nevertheless, we are committed to doing our best to protect you. We protect your data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. Where there is an actual or suspected data breach capable of causing harm to your rights and freedoms, we will notify you without undue delay and use our best effort to remedy the breach promptly.

11. INTERNATIONAL TRANSFER OF DATA

To achieve the purposes described in this Notice, we may transfer your data to foreign countries. We will take additional precautions to ensure the adequate protection of personal information when transferring it to a country other than where we operate. We comply with applicable local laws and regulations in the countries where we operate when conducting international data transfers. This includes transferring data to countries deemed adequate under applicable laws, obtaining licences or approvals from the relevant authority, maintaining appropriate documentation, obtaining explicit consent, and performing contractual obligations.