Privacy Policy
Privacy Policy
Privacy Policy
Privacy Policy
Privacy Policy
January 5, 2026
January 5, 2026
1.1 Preamble
1.1 Preamble
This Data Privacy Policy explains how NOBLE MICROFINANCE BANK Limited (“Noble”, "the bank", “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data in compliance with the Nigeria Data Protection Act (NDPA 2023), NDPR, CBN regulations, and applicable international standards.
The Bank is committed to processing personal data lawfully, fairly, transparently, securely, and only for specified and legitimate purposes, while safeguarding the rights of data subjects across all its operations.
This Notice applies to customers, employees, agents, vendors, guarantors, job applicants, and all individuals whose personal data is processed by the Bank, whether through manual or automated systems.
This Data Privacy Policy explains how NOBLE MICROFINANCE BANK Limited (“Noble”, "the bank", “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data in compliance with the Nigeria Data Protection Act (NDPA 2023), NDPR, CBN regulations, and applicable international standards.
The Bank is committed to processing personal data lawfully, fairly, transparently, securely, and only for specified and legitimate purposes, while safeguarding the rights of data subjects across all its operations.
This Notice applies to customers, employees, agents, vendors, guarantors, job applicants, and all individuals whose personal data is processed by the Bank, whether through manual or automated systems.
This Data Privacy Policy explains how NOBLE MICROFINANCE BANK Limited (“Noble”, "the bank", “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data in compliance with the Nigeria Data Protection Act (NDPA 2023), NDPR, CBN regulations, and applicable international standards.
The Bank is committed to processing personal data lawfully, fairly, transparently, securely, and only for specified and legitimate purposes, while safeguarding the rights of data subjects across all its operations.
This Notice applies to customers, employees, agents, vendors, guarantors, job applicants, and all individuals whose personal data is processed by the Bank, whether through manual or automated systems.
2.1 Information We Collect
2.1 Information We Collect
We may collect and process personal data including:
We may collect and process personal data including:
We may collect and process personal data including:
Identity information such as name, date of birth, gender, photographs, BVN, NIN, and government-issued ID documents
Identity information such as name, date of birth, gender, photographs, BVN, NIN, and government-issued ID documents
Identity information such as name, date of birth, gender, photographs, BVN, NIN, and government-issued ID documents
Contact information such as phone number, email address, and residential or business address
Contact information such as phone number, email address, and residential or business address
Contact information such as phone number, email address, and residential or business address
Financial and transactional data including loan records, repayment history, credit information, and bank details
Financial and transactional data including loan records, repayment history, credit information, and bank details
Financial and transactional data including loan records, repayment history, credit information, and bank details
Employment, guarantor, and next-of-kin information (where applicable)
Employment, guarantor, and next-of-kin information (where applicable)
Employment, guarantor, and next-of-kin information (where applicable)
Biometric and location data (where required for onboarding or service delivery)
Biometric and location data (where required for onboarding or service delivery)
Biometric and location data (where required for onboarding or service delivery)
Device and usage data collected through our digital platforms and cookies
Device and usage data collected through our digital platforms and cookies
Device and usage data collected through our digital platforms and cookies
Sensitive personal data may include health information, biometric data, religious beliefs, criminal records, BVN, and other categories permitted under applicable law.
Sensitive personal data may include health information, biometric data, religious beliefs, criminal records, BVN, and other categories permitted under applicable law.
Sensitive personal data may include health information, biometric data, religious beliefs, criminal records, BVN, and other categories permitted under applicable law.
2.2 Why We Collect Your Data
2.2 Why We Collect Your Data
We collect and use personal data to:
We collect and use personal data to:
Verify identity and comply with KYC, AML, and CFT requirements
Verify identity and comply with KYC, AML, and CFT requirements
Verify identity and comply with KYC, AML, and CFT requirements
Process loan applications and assess creditworthiness
Process loan applications and assess creditworthiness
Process loan applications and assess creditworthiness
Disburse, manage, and recover loans
Disburse, manage, and recover loans
Disburse, manage, and recover loans
Open and manage customer accounts
Open and manage customer accounts
Open and manage customer accounts
Assign credit scores and manage risk
Assign credit scores and manage risk
Assign credit scores and manage risk
Communicate with customers and provide support
Communicate with customers and provide support
Communicate with customers and provide support
Prevent fraud and conduct internal audits
Prevent fraud and conduct internal audits
Prevent fraud and conduct internal audits
Meet legal, regulatory, and reporting obligations
Meet legal, regulatory, and reporting obligations
Meet legal, regulatory, and reporting obligations
Manage staff records, payroll, and HR processes
Manage staff records, payroll, and HR processes
Manage staff records, payroll, and HR processes
Resolve disputes and support legal proceedings
Resolve disputes and support legal proceedings
Resolve disputes and support legal proceedings
3.1 Lawful Basis for Processing
3.1 Lawful Basis for Processing
We process personal data based on one or more of the following lawful bases:
We process personal data based on one or more of the following lawful bases:
We process personal data based on one or more of the following lawful bases:
Consent – where explicitly given (e.g., biometric onboarding, surveys, testimonials, location tracking)
Consent – where explicitly given (e.g., biometric onboarding, surveys, testimonials, location tracking)
Consent – where explicitly given (e.g., biometric onboarding, surveys, testimonials, location tracking)
Contractual Necessity – to provide banking, employment, and loan services
Contractual Necessity – to provide banking, employment, and loan services
Contractual Necessity – to provide banking, employment, and loan services
Legal Obligation – to comply with CBN, NDPC, credit bureau, tax, and other regulatory requirements
Legal Obligation – to comply with CBN, NDPC, credit bureau, tax, and other regulatory requirements
Legal Obligation – to comply with CBN, NDPC, credit bureau, tax, and other regulatory requirements
Vital Interests – to protect life or health in emergency situations
Vital Interests – to protect life or health in emergency situations
Vital Interests – to protect life or health in emergency situations
Public Interest / Official Mandate – for government or regulatory financial initiatives
Public Interest / Official Mandate – for government or regulatory financial initiatives
Public Interest / Official Mandate – for government or regulatory financial initiatives
Legitimate Interests – for fraud prevention, security monitoring, analytics, service improvement, and loan recovery
Legitimate Interests – for fraud prevention, security monitoring, analytics, service improvement, and loan recovery
Legitimate Interests – for fraud prevention, security monitoring, analytics, service improvement, and loan recovery
4.1 Who We Share Your Data With
4.1 Who We Share Your Data With
We may share personal data with:
We may share personal data with:
We may share personal data with:
Regulatory and supervisory authorities (CBN, NDPC, NDIC, EFCC, courts)
Regulatory and supervisory authorities (CBN, NDPC, NDIC, EFCC, courts)
Regulatory and supervisory authorities (CBN, NDPC, NDIC, EFCC, courts)
Credit bureaus and verification platforms (e.g., CRC, First Central)
Credit bureaus and verification platforms (e.g., CRC, First Central)
Credit bureaus and verification platforms (e.g., CRC, First Central)
Vendors and service providers under data protection or NDA agreements
Vendors and service providers under data protection or NDA agreements
Vendors and service providers under data protection or NDA agreements
Auditors, consultants, and legal advisers under confidentiality obligations
Auditors, consultants, and legal advisers under confidentiality obligations
Auditors, consultants, and legal advisers under confidentiality obligations
We do not sell personal data. Data is disclosed only where legally required, contractually necessary, or with the data subject’s consent. Where personal data is transferred outside Nigeria, appropriate safeguards are implemented in line with applicable laws.
We do not sell personal data. Data is disclosed only where legally required, contractually necessary, or with the data subject’s consent. Where personal data is transferred outside Nigeria, appropriate safeguards are implemented in line with applicable laws.
We do not sell personal data. Data is disclosed only where legally required, contractually necessary, or with the data subject’s consent. Where personal data is transferred outside Nigeria, appropriate safeguards are implemented in line with applicable laws.
5.1 Cookies and Digital Tracking
5.1 Cookies and Digital Tracking
Noble uses cookies and similar technologies on its websites and mobile platforms to ensure functionality, enhance security, analyze performance, and improve user experience. Users may accept, reject, or manage cookie preferences through the Cookie Consent Banner. Consent is required for non-essential cookies, and cookie usage is periodically reviewed and audited.
Noble uses cookies and similar technologies on its websites and mobile platforms to ensure functionality, enhance security, analyze performance, and improve user experience. Users may accept, reject, or manage cookie preferences through the Cookie Consent Banner. Consent is required for non-essential cookies, and cookie usage is periodically reviewed and audited.
Noble uses cookies and similar technologies on its websites and mobile platforms to ensure functionality, enhance security, analyze performance, and improve user experience. Users may accept, reject, or manage cookie preferences through the Cookie Consent Banner. Consent is required for non-essential cookies, and cookie usage is periodically reviewed and audited.
6.1 How We Protect and Store Your Data
6.1 How We Protect and Store Your Data
We implement organizational, physical, and technical safeguards to protect personal data, including:
We implement organizational, physical, and technical safeguards to protect personal data, including:
We implement organizational, physical, and technical safeguards to protect personal data, including:
Role-based access controls and confidentiality obligations
Role-based access controls and confidentiality obligations
Role-based access controls and confidentiality obligations
Encryption, secure servers, firewalls, and multi-factor authentication
Encryption, secure servers, firewalls, and multi-factor authentication
Encryption, secure servers, firewalls, and multi-factor authentication
Staff training on data protection and cybersecurity
Staff training on data protection and cybersecurity
Staff training on data protection and cybersecurity
Regular audits, penetration testing, and incident monitoring
Regular audits, penetration testing, and incident monitoring
Regular audits, penetration testing, and incident monitoring
Personal data is retained only as long as necessary, including:
Personal data is retained only as long as necessary, including:
Personal data is retained only as long as necessary, including:
Customer and loan records: minimum of 6 years after account closure or loan resolution
Customer and loan records: minimum of 6 years after account closure or loan resolution
Customer and loan records: minimum of 6 years after account closure or loan resolution
Employee records: 5 years after disengagement (unless required longer by law)
Employee records: 5 years after disengagement (unless required longer by law)
Employee records: 5 years after disengagement (unless required longer by law)
CCTV footage: 30–90 days unless required for investigation
CCTV footage: 30–90 days unless required for investigation
CCTV footage: 30–90 days unless required for investigation
Job applicant data: 1 year unless extended with consent
Job applicant data: 1 year unless extended with consent
Job applicant data: 1 year unless extended with consent
Data is securely deleted or destroyed when no longer required.
Data is securely deleted or destroyed when no longer required.
Data is securely deleted or destroyed when no longer required.
7.1 Your Rights
7.1 Your Rights
You have the right to:
You have the right to:
You have the right to:
Access and correct your personal data
Access and correct your personal data
Access and correct your personal data
Withdraw consent where processing is consent-based
Withdraw consent where processing is consent-based
Withdraw consent where processing is consent-based
Object to certain processing activities
Object to certain processing activities
Object to certain processing activities
Request data erasure or portability
Request data erasure or portability
Request data erasure or portability
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
8.1 Enquiries and Complaints
8.1 Enquiries and Complaints
All privacy-related enquiries or complaints may be submitted physically or electronically and will be acknowledged within three (3) business days.
All privacy-related enquiries or complaints may be submitted physically or electronically and will be acknowledged within three (3) business days.
All privacy-related enquiries or complaints may be submitted physically or electronically and will be acknowledged within three (3) business days.
9.1 Updates to This Notice
9.1 Updates to This Notice
This Privacy Notice may be reviewed or updated periodically to reflect changes in law, regulation, or business operations. Updates will be posted on this page with a new “Last Updated” date. Where required, we will seek your renewed consent for any material changes.
This Privacy Notice may be reviewed or updated periodically to reflect changes in law, regulation, or business operations. Updates will be posted on this page with a new “Last Updated” date. Where required, we will seek your renewed consent for any material changes.
This Privacy Notice may be reviewed or updated periodically to reflect changes in law, regulation, or business operations. Updates will be posted on this page with a new “Last Updated” date. Where required, we will seek your renewed consent for any material changes.
14, Mercedez Avenue Amafor Onitsha, Anambra state
14, Mercedez Avenue Amafor Onitsha, Anambra state
© 2025 Noble Microfinance Bank, All Rights Reserved.
© 2025 Noble Microfinance Bank, All Rights Reserved.