This Privacy Policy (“Privacy Policy”) governs the use of Fiducia Data Services Limited’s (the “Company”) supply chain financing platform hosted on “www.myfiducia.com” (the “Platform”) and the services being provided on the Platform (“the Platform Services”). This Privacy Policy has been duly framed in accordance with the Nigerian Data Protection Act (NDPA) 2023, Nigerian Data Protection Regulations (NDPR) 2019, the NDPR Implementation Framework 2020, and the rules made thereunder, and other applicable laws to ensure maximum protection of the personal data provided by the Platform’s user(s) (“you”).

We recognize the importance our customers place on the privacy and security of their business and personal information. Our goal is to protect your personal information in every way that we interact with you, whether on the internet or otherwise.

In order to inform you of the policies, procedures, and security measures that we have in place to safeguard your personal information, we have developed this Privacy Policy to help you to understand the steps we take in our collection, use, storage, retention, sharing and protection of your personal information when you access or utilize the Platform, including the Platform’s database, applications, services, tools etc., irrespective of how you access or use them.

By clicking the “submit button” and creating an account on the Platform, you are consenting to and accepting the practices, terms and conditions pertaining to collection, retention and use of information set forth in this Privacy Policy. If you do not agree to the Privacy Policy, you may exit and cease to use the Platform. In addition to the considerations stipulated under this Privacy Policy, your activities undertaken on the Platform practices, may also be governed by the Procedural Guidelines and the Master Service Agreements (i.e. the Master Buyer Agreement, Master Financier Agreement, and Master Supplier Agreement to the extent applicable) signed by the respective parties with the Company, and any other terms and conditions as published by the Company from time to time.

This Privacy Policy is incorporated in the Terms and Conditions of the Platform and any other agreement, in which there is a specific clause incorporating the Privacy Policy.

1. • Our role in the protection of Personal Information: Mode of Information Collection

• • We are committed to protecting the privacy of the information being provided by you on the Platform.

• • We may collect personally identifiable information about a customer or former customer of the Platform (“Customer Information”).

• • Where we are not processing your personal data at your express direction, we generally do so based on any of the following lawful basis for personal data processing: compliance with a legal obligation; performance of a contract to which you are a party to; vital interest; or legitimate interest.

• • When we engage in a cross-border transfer of any information provided by you on the Platform, we will ensure that we only transfer your information to countries that have adequate data protection laws, or we will rely on the lawful basis of any of the derogations permitted under the Nigeria Data Protection Act, 2023.

• • We may collect, retain and process the information provided by you through e-mail or filing of forms on the Platform including but not limited to information such as your name, address, contact details, email ID, details of the Organization on behalf of whom you are acting or representing (if applicable) and other information such as bank account details or credit card or debit card details or information relating to other payment instruments (“Personal Information”).

• • Further, we collect, store and process such other information including but not limited to information about your transaction undertaken on the Platform, communication made by you, information generated electronically when you visit the Platform or use the Platform Services, and any modifications made to the information provided by you (“Other Information”).

• • The third parties engaged by the Company who provide range of services like website hosting, customer identity verification, digital signature verification, payment processing, etc. (“Third Party Service Providers”) and the Platform may collect general information on the Platform for security and statistical purposes. Such information may include but not limited to certain automatically generated information including your IP address, internet address of the referral site which brought you to visit the Platform, date and time of visiting the Platform, the name and version of your web browser, online activity, and duration of your online session. We and/or the Third Party Service Providers may monitor and collect such information that will enable us to verify your credentials, maintain reasonable security practices, enable inclusion of better Platform Services, fulfil your requests and enhance your user experience. Further, we and/or the Third Party Service Providers may also collect “Cookies” (piece of software code that the Platform automatically sends to your browser when you access the Platform) in order to collect some of the above mentioned information that enable us to provide you a better user experience. In some cases you must accept the Cookies in order to view the Platform. We do not link the information we store on the cookies to any personally identifiable information submitted by you. Advertisements may be displayed on the Platform as well as on third party websites. When you click such advertisements you may receive another Cookie, which you may or may not choose to accept. The use of cookies by the Third Party Service Providers is subject to the privacy policy and other terms and conditions governing their website (“Automatically Generated Information”). Personal Information, Customer Information, Other Information and Automatically Generated Information shall together be referred to as “Personal Information”.

1. • Usage of Collected Information

• • The Personal Information provided by you may be used by us and provided to third party websites, affiliates, consultants, employees in order to manage, collect, store, process the Personal Information in order to improve the quality, design, functionality and content of the Platform and to any governmental authority under any applicable law.

• • The Personal Information provided by you shall be used, with your consent, to communicate with you by us through newsletters, updates and notifications. The communication with you might be recorded but will be kept confidential otherwise than when obligated to disclose to any governmental authority under applicable law.

• • The Personal Information shall be used for purposes only in relation to the Platform and not for any other purposes. The Personal Information shall be retained till the termination of your Master Service Agreement or up to such other period as prescribed under any applicable law.

• • You shall have the right to view the information provided by you and also to update the information and keep us informed of any such change in case the information provided is deficient or inaccurate.

• • You undertake that the Personal Information and Other Information provided by you is true and accurate to the best of your knowledge. You agree and understand that we shall not be liable for the authenticity of the Personal Information and Other Information provided by you. It is your duty to ensure that the information you provide to us is complete, accurate, and up to date, as well as to notify us if any of that information changes so that we can make the appropriate modifications.

• • You shall provide us with all the information requested from you on the Platform or through any other mode of communication. You are not legally obligated to provide us with all the information. However, complete functionality of the Platform shall not be rendered possible if you fail to provide us with certain necessary information for the purpose of the Platform Services. Without prejudice to the aforesaid, you shall have an option to, while availing the Platform Services or otherwise, withdraw your consent to allow us to use the Personal Information provided by you by communicating notice of the consent withdrawal to us in writing through our designated email address as provided on our website.

1. • Disclosure of User Information

• • Any Personal Information provided by you shall be made available to the Third Party Service Providers, third parties, employees, that are connected with or in relation to the Platform Services, who shall not further disclose the Personal Information so availed except under such circumstances where disclosure is permissible by us under the terms and conditions of the Privacy Policy.

• • We may share your Personal Information with our business partners who would like to offer you certain services or promotions.

• • Where our Company is involved in a merger or acquisition transaction or sells its asset to another entity, we may need to transfer your Personal Data in this case.

• • Other than as set out above, we shall not disclose the Personal Information to any third party without your written consent on the basis of the Master Buyer, Supplier or Financier’s Agreement signed with you, provided that such information may be disclosed to governmental agencies or bodies as required under applicable law or to exercise legal rights or defend legal claims or protect the safety of other users or the public or our rights.

1. • Links to third party websites

• The Platform contains links to third party websites. We are not responsible for any content on such third-party websites and we shall not be liable for any breach of privacy policy by such websites. You undertake to read and understand the privacy policy of such third-party websites. For the avoidance of doubt, our Privacy Policy only governs the Personal Information collected, received, possessed, stored, dealt with or handled for the purposes of Platform Services on our Website.

1. • Cookies

• • The Platform uses cookies to distinguish you from other users of the Platform. This helps us to provide you with a good experience when you browse the Platform and also allows us to improve the user experience on the Platform regularly. By continuing to browse the Platform, you are agreeing to our use of cookies.

• • A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

• • We use the following cookies:

• • Strictly necessary cookies – These are cookies that are required for the operation of the Platform. They include, for example, cookies that enable you to log into secure areas of the Platform.

• • Analytical/performance cookies – They allow us to recognise and count the number of visitors and to see how visitors move around the Platform when the visitors are using the Platform. This helps us to improve the way the Platform works, for example, by ensuring that users are finding what they are looking for easily.

• • Functionality cookies – These are used to recognise you when you return to the Platform. This enables us to personalise our content for you, greet you by name and remember your preferences.

• • Targeting cookies – These cookies record your visit to the Platform, the pages you have visited and the links you have followed. We will use this information to make the Platform and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose.

• • You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our sites.

1. • Notification and Updates sent by the Website

• • We send an email notification to individuals once they sign up to avail services on the Platform as a Buyer/Supplier/Financier. We will send security related e-mail notifications once you sign up for “notify me” updates on your account(s). Further, we may send e-mail notifications whenever you change your passcode, security question or designated e-mail address.

1. • Security Practices

• • Personal Information shall be governed by and protected by us in accordance with the Nigerian Data Protection Act (NDPA) 2023, Nigerian Data Protection Regulations, 2019, and the rules made thereunder and any other applicable law.

• • The Company and our Third-Party Service Providers have developed stringent policies and procedures to safeguard Personal Information.

• • The Platform and our Third-Party Service Providers maintain strong physical, electronic, and procedural controls to protect against unauthorized access to Personal Information. Our computer systems are protected in the following ways:

• • computer anti-virus protection detects and prevents viruses from entering our website, email, and computer network systems;

• • firewalls and intrusion prevention systems block unauthorized access by individuals or networks;

• • we use encryption technology, such as Secure Socket Layer (SSL), to protect the transmission of your confidential information. Whenever you log on to the Platform or schedule an online transaction through our system, the communication is encrypted. Encryption scrambles the transferred data which ensures that it cannot be read by any unauthorized parties;

• • we use strong multi-level authentication and behaviour analysis to help prevent unauthorized access to your accounts. Multi-level authentication can help prevent access by someone who may have stolen your login credentials; and we continually monitor technological advances and upgrade our systems to ensure your information remains secure.

• • While we have provided safeguards to secure the Personal Information entrusted to us, your role in ensuring Personal Information security includes, but is not limited to, adopting and enforcing appropriate security measures such as non-sharing of passwords and other platform login details, dealing with only authorized officers or employees of the Company etc.

1. • Beware of Phishing Attempts and Internet Scams

• • While email is convenient and has a good business use, it can also be misused by criminals for scams and various other fraudulent purposes. “Phishing emails” are frequently used by criminals to entice the recipient to visit a fraudulent website where they try to convince the recipient to provide personal & confidential information. Some of these fraudulent websites may also be virus laden and can be used to download malware to your computer. Fraudulent websites often look identical to a legitimate site, so it’s important to look very closely at the website address. Below we have listed a few tips to help protect your personal information on the Internet:

• • always be wary of links in emails, especially any links in emails purporting to be from the Platform;

• • bookmark financial websites and use these bookmarks every time you visit the Platform;

• • whenever you enter personal information like your access ID or passcode, always look for the lock symbol, or ‘https:’ in the address bar. Always click on the lock symbol and review the certificate details;

• • update your Internet browser. Most browsers now offer free anti-phishing tool bars that can help alert you of fraudulent websites;

• • make sure that your computer always has up-to-date versions of both anti-spyware and antivirus software;

• • if you receive an e-mail that you think could be a scam, delete it immediately or contact the helpline numbers of the Platform;

• • if you have any questions about the legitimacy of an email, especially an email from the Platform, you can also contact us at the numbers or Email ID provided under the “Contact Us” section of the website.

1. • Alteration of the Privacy Policy

• • The Privacy Policy may be amended, revised, modified or refined from time to time at our sole discretion and the updated Privacy Policy shall be published on the Platform and no separate communication shall be made in respect of the same. It shall be your responsibility to keep yourself updated with changes to the Privacy Policy by regularly checking the Platform for updates. By accessing the Platform and using the Platforms Services following the updating of this Privacy Policy, you would be consenting to and accepting the updated Privacy Policy.

1. • Disclaimer of liability for Personal Information Security

• • We take appropriate measures as envisaged under Clause 7 of the Privacy Policy for the protection of Personal Information. All our employees, consultants and officers shall always be kept updated of the security and privacy protection procedures or methods. (We take appropriate disciplinary measures to enforce our employee’s privacy protection and confidentiality obligations. We have established training programs to educate our employees about the importance of data privacy protection and to ensure compliance with our policy requirements.).

• • Notwithstanding the aforesaid, despite our efforts to maintain and protect privacy and confidentiality of the Personal Information, we may not be able to exhaustively protect against or prevent unauthorised access or use, software failure or fault, or other factors that may compromise the security of the Personal Information.

• • You agree and understand that the internet is not a secure source and therefore, we cannot guarantee the protection of such Personal Information.

• • For the avoidance of doubt, if any Personal Information is compromised despite our efforts to prevent the occurrence of the same, you shall not hold us liable for such breach of privacy protection under the Privacy Policy of the Platform.

1. • Your Rights as a Data Subject

• At Fiducia, we are committed to upholding your rights as a data subject under the Nigeria Data Protection Act (NDPA) 2023
  These rights empower you to control how your personal data is collected, processed, stored, and shared. Below, we outline your rights:

• • Right to Be Informed
    You have the right to be informed about how Fiducia collects and uses your personal data. This includes the purpose for processing, retention periods, and any third parties with whom your data may be shared.

• • Right of Access
    You can request access to the personal data we hold about you. Upon request, we will provide:

• • A copy of your personal data.

• • Information on how your data is being processed, including the purpose of the processing and any parties with whom it has been shared.

• • Right to Rectification
    If you believe that the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it. We will review and rectify any inaccuracies promptly.

• • Right to Erasure (Right to be Forgotten)
    You have the right to request the deletion of your personal data in certain circumstances, including when:

• • The data is no longer necessary for the purpose for which it was collected.

• • You withdraw consent, and there is no other lawful basis for processing.

• • You object to processing, and there are no overriding legitimate grounds to continue processing.

• Note:
  We may retain certain data where required by law, regulatory obligations, or to fulfill contractual agreements.

• • Right to Restrict Processing
    You have the right to request that we restrict the processing of your personal data under certain circumstances, such as:

• • When you contest the accuracy of the data (restriction lasts until the data is verified).

• • Where processing is unlawful, but you oppose erasure and prefer restriction.

• • Right to Object
    You can object to the processing of your personal data for specific purposes, including:

• • Direct marketing activities.

• • Automated decision-making or profiling.

• • Processing based on our legitimate interests.

• If you object, we will cease processing unless we can demonstrate compelling legitimate grounds to continue.

• • Right to Lodge a Complaint
    Suppose you believe that your data protection rights have been violated. In that case, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) or another relevant regulatory authority.

• • Contact of NDPC: https://www.ndpc.gov.ng/contact/.

• • Rights Related to Automated Decision-Making and Profiling
    You have the right not to be subject to decisions made solely through automated processing, including profiling, that produce legal or similarly significant effects on you. If automated decision-making is used, we will inform you and provide you with the opportunity to request human intervention or challenge the outcome.

• • Right to Data Portability
    You have a right to request the transmission of your personal data to yourself or a third-party data controller or processor where technically feasible.

1. • Data Protection Officer

• • The Company has appointed a Data Protection Officer (DPO) who shall be responsible for overseeing the Company’s data protection strategy as well as its implementation to ensure compliance with data protection requirements under applicable law.

• • The DPO is knowledgeable on data privacy and protection principles and is familiar with the provisions of the NDPR.

• • If you have any questions or desire to address any grievances caused by breach of the privacy policy on this Platform, please contact the DPO at Hello@myfiducia.com. Alternatively, the DPO may be reached at the following address:

• – The Rock Tower, Rock Drive, Lekki Phase 1, Lagos, Nigeria

• • The DPO shall redress all the grievances expeditiously but within one (1) month from the date of receipt of the grievance.

1. • Available Remedies in the Case of Breach or Likelihood of Breach

• In the case of high likelihood of imminent breach, reasonable suspicion of breach, or an actual breach of any of the obligations with respect to your personal data, a data breach procedure is established and maintained in order to deal with incidents concerning personal data or privacy practices leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. On notification of such breach, the Company will investigate to determine if there is an imminent threat of breach or whether an actual breach has occurred and will immediately take the necessary actions required to manage such breach or prevent such imminent breach, communicate with the subject of the breach and take appropriate action under its dispute resolution framework to remedy such breach.

1. • Remedies for Breaches of this Privacy Policy

• At Fiducia, we take the protection of your personal data seriously and have implemented measures to address any breaches of this Privacy Policy in accordance with the provisions of the Nigeria Data Protection Regulation (NDPR). If a user, partner, or stakeholder is found to have violated this Privacy Policy or engaged in activities that compromise the confidentiality, integrity, or lawful processing of personal data, Fiducia reserves the right to take the following remedies and corrective actions:

• • Issuance of Warnings

• • Fiducia may issue formal warnings to users or partners who breach this Privacy Policy, depending on the severity and nature of the violation.

• • Warnings serve as a notice to ensure compliance with our data protection standards.

• • Temporary Suspension of Services

• • Fiducia reserves the right to suspend access to services, platforms, or accounts of users or entities involved in breaches.

• • Temporary suspension will be applied where breaches are deemed significant but may be resolved pending corrective action.

• • Disabling of Accounts

• • In cases of repeated or severe breaches, Fiducia may disable accounts or terminate services to users or entities who fail to comply with our data protection policies.

• • This action ensures that the integrity of our systems and data protection obligations are maintained.

• • Legal Action

• • Where applicable, Fiducia may pursue legal remedies, including reporting significant breaches to the Nigeria Data Protection Commission (NDPC) or other regulatory authorities.

• • Legal action may also include claims for damages resulting from non-compliance or harm caused by the breach.

• • Notification of Breach

• • In compliance with the NDPR and other relevant laws, Fiducia will notify affected individuals and relevant authorities of any data breach where necessary.

• • Such notifications will include details of the breach, actions taken to mitigate risks, and remedies available to affected individuals.