Introduction
NIRSAL Plc is a Non-Bank Financial Institution wholly owned by the Central Bank of Nigeria (CBN). It was established to redefine, measure, and manage agribusiness-related credit risks in Nigeria. NIRSAL PLC is registered in Nigeria with RC number 1094118.

Privacy Commitment
NIRSAL PLC is committed to protecting the privacy and security of Data Subjects. This Privacy Statement describes our practices concerning the collection, use, disclosure, and protection of your data in line with the Nigeria Data Protection Act (2023), Nigeria Data Protection Regulation (2019), and other applicable data privacy laws and regulations.

Our privacy policy details how we collect, use & disclose the personal data & non-personal data we collect from, and about you when you access or use our website, online community or interact with us on the phone or in person.

Why We Use Your Information Your information is used for risk assessment and financing processes, Know-Your-Customer (KYC) requirements, performance monitoring, reporting, collaboration with institutions, providing training, communicating findings, offering support, complying with legal requirements, and enhancing security.
Legal Basis for Processing  We process data based on your consent, contract, legitimate interests, and legal obligations.
Sharing Information We may share your data with financial institutions, government agencies, service providers, partners/ collaborators, law enforcement authorities, and insurance companies under contractual agreements as stipulated in the NDPR/NDPA
Data Security We protect your data with encryption, security audits, regular penetration testing, access controls, And data breach response protocol.
Data Retention We retain data as long as necessary or required by law, after which it is securely deleted or anonymized.
Your Rights You have the right to

  • Access your data,
  • Request corrections,
  • Ask for deletion,
  • Restrict processing,
  • Object to processing,
  • Withdraw consent (when applicable)
  • Data Portability.
  •  Be informed about automated decision-making
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
Contact Us For queries or concerns, contact our Data Protection Officer at:

NIRSAL House,

Plot 1581, Tigris Crescent,

Off Aguiyi Ironsi Street,

Maitama, Abuja.

Email: [email protected]

Telephone: +234 704 257 5261,

+234 704 219 3708

 

Information We Collect
NIRSAL PLC collects and processes personal data necessary for our operational activities. In broad terms, this involves the type of information we collect:

  • Personal Identification Information: Full name, gender, date of birth, marital status, state of origin, local government area, nationality, biometric data, date of birth, occupation, next of kin, and identification numbers (such as national ID, passport, or driver’s license).
  • Contact Information: Phone numbers, email addresses, and physical addresses.
  • Financial Information: Bank account details, BVN, credit history, income information, and tax identification numbers.
  • Employment and Professional Data: Employment status, occupation, employer details, and professional qualifications.
  • Educational Information: Educational background, degrees, and certifications.
  • Biometric Data: Photographs, fingerprints, or other biometric identifiers, if required for specific services.
  • Transactional Information: Details of financial transactions, loan applications, and repayment history.
  • Location Data: Geographical location data, particularly for projects or assets in agricultural areas.
  • Digital Information: IP addresses, device information, and data collected through cookies when using NIRSAL’s digital platforms.

Why We Use Your Information
NIRSAL PLC collects personal data to fulfil several purposes, primarily related to its mission of improving access to finance for agricultural stakeholders in Nigeria. The reasons for collecting personal data typically include:

  1. Loan and Financing Processes: To assess the eligibility of individuals and organizations for credit risk guarantees, insurance, and other financial services.
  2. Risk Assessment: To evaluate the creditworthiness and risk profile of applicants, helping NIRSAL mitigate financial risks associated with lending.
  3. Program Participation: To manage and monitor participation in its various agricultural programs and initiatives, including tracking progress and outcomes.
  4. Regulatory Compliance: Collecting personal data ensures compliance with local laws and regulations, including anti-money laundering (AML) and know-your-customer (KYC) requirements.
  5. Communication and Support: To communicate effectively with stakeholders, providing updates, support, and other relevant information.
  6. Performance Monitoring and Reporting: To analyse and report on the impact of its initiatives, personal data helps in tracking and evaluating the effectiveness of programs and policies.

These purposes align with NIRSAL’s broader objective of enhancing agricultural productivity and financial inclusion in Nigeria.

Lawful Basis for Processing
NIRSAL PLC processes personal data based on the following legal grounds:

  1. Consent: Where you have provided explicit consent for the processing of your personal data, especially when participating in their programs or applying for financial services.
  2. Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is a party, such as when applying for financing, or other services provided by NIRSAL.
  3. Legal Obligations: NIRSAL processes personal data to comply with legal obligations, including regulatory requirements such as Know-Your-Customer (KYC), anti-money laundering (AML) laws, and other financial regulations.
  4. Legitimate Interests: NIRSAL may process personal data to pursue its legitimate interests, such as risk assessment, fraud prevention, and enhancing security, provided these interests are not overridden by the rights and freedoms of the data subjects.

Sharing and Disclosure of Information
The Nigeria Data Protection Act (NDPA) 2023 and the Nigerian Data Protection Regulation (NDPR) 2019 are the primary legal framework that establishes the basis for the sharing and disclosure of information by NIRSAL, provided that such activities comply with the stipulated ethical and legal standards. Additionally, the Central Bank of Nigeria (CBN) Act indirectly influences the sharing of information within NIRSAL, as NIRSAL operates under the regulatory oversight of the CBN, which may require data sharing for compliance and supervision purposes.
NIRSAL shares and discloses personal data primarily with entities that are essential to its operations. These includes:

  • Authorized personnel with a legitimate need to know.
  • Financial Institutions: Banks, microfinance institutions, and other financial entities involved in providing loans, credit facilities, or other financial services as part of NIRSAL’s programs.
  • Government Agencies: Regulatory bodies and government institutions for compliance with legal and regulatory obligations, including anti-money laundering (AML) and Know-Your-Customer (KYC) requirements.
  • Service Providers: Third-party service providers that help NIRSAL in delivering its services, including IT service providers, consultants, auditors, and data analytics companies.
  • Partners and Collaborators: Organizations and institutions collaborating with NIRSAL on agricultural programs, research, and development projects.
  • Law Enforcement and Legal Authorities: When required by law, NIRSAL may share data with law enforcement agencies, courts, or other legal authorities for investigations, legal proceedings, or regulatory compliance.
  • Insurance Companies: In cases where insurance services are part of the financial products offered, data may be shared with relevant insurance companies for policy issuance, claims processing, and risk management.

NIRSAL ensures that data sharing is conducted in compliance with applicable data protection laws and regulations, safeguarding the privacy and security of the data subjects.

Data Security
NIRSAL uses a secure infrastructure to protect your data from unauthorized access, disclosure, alteration, or destruction. These include:

  • Secure encryption and storage of data.
  • Continuous security audits and assessments.
  • Access controls and proper authentication protocols.
  • Employee training about how to secure and handle private data safely.

We will not sell your personal information. We will not disclose your personal information to third parties outside of NIRSAL PLC, except for the purposes described in this privacy notice, unless we have your consent, at your request, or are required by law to do so.

Data Retention
NIRSAL PLC retains personal data in line with our retention policy, and as it is required to meet the purposes for which it was collected, or as required by applicable law. When personal data is no longer needed, it is securely deleted or anonymized.

Right to Access your data You can ask to see your personal information and obtain a copy. If you make a subject access request (SAR), we will provide a copy of the personal information we hold about you, but we can’t give you any information about other people.
Right to Rectification You can ask us to correct your personal data if you think it is wrong or incomplete.
Right to Data Portability

 

You have the right to request the transfer of your data to another organization. If permitted by regulatory requirements, we will facilitate the transfer of your personal information.
Right to Restriction You have the right to request the restriction of processing under certain circumstances.
Right to Objection You can tell us to stop using your personal information. However, if there is an overriding reason why we need to use the information (for example, legal reasons), we will not accept your request.
Right to Erasure  You can ask us to delete your personal information if the purpose of collection has been fulfilled, you withdraw your consent, you object to its use, you think it was obtained unlawfully, or the law requires us to delete it. However, we may not be able to delete your data if there are other legal or contractual reasons.
 

Right to

Withdraw

Consent

If applicable, you have the right to withdraw your consent for the processing of your personal data for a specific purpose. However, if there is a compelling reason for us to use the information (such as legal or contractual obligations), we may not be able to honor your request.
 

Right to know about automated decision-making

You have the right to be informed about the presence of automated decision-making, including profiling,

the importance and potential impacts of such processing and the right to object to this type of processing as an individual.

 

 

 

 

Right to Lodge a Complaint You have the right to lodge a complaint with the Nigeria Data Protection Commission, NDPC if you think there is a problem with how we handle your personal information.

 

Contact Us
Should you have any questions, concerns, or complaints about this Privacy Statement or the processing of your data, you can contact us at:

NIRSAL House,
Plot 1581, Tigris Crescent,
Off Aguiyi Ironsi Street,
Maitama, Abuja.
Email: [email protected]
Telephone: +234 704 257 5261, +234 704 219 3708

Data Protection Officer (DPO) Contact Details
For any data protection queries or to exercise your rights, you may address yourself to our Data Protection Officer (DPO):

Data Protection Officer
Name: Bello Usman Muhammad
Email: [email protected]

Changes to This Privacy Statement
NIRSAL PLC may update this Privacy Statement from time to time to reflect any Changes in our Data Practices. To stay informed, please visit this page, where we will post any amendments.

If you find any aspect of our Privacy Policy unsatisfactory or unclear, you can Contact our DPO. We are Committed to Safeguarding Your Data Privacy Rights. Your Privacy is of Utmost Importance to Us.

This Privacy Policy was last Updated on 15th October, 2024