This Data Privacy Policy explains how NOBLE MICROFINANCE BANK Limited (“Noble”, "the bank", “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data in compliance with the Nigeria Data Protection Act (NDPA 2023), NDPR, CBN regulations, and applicable international standards.
The Bank is committed to processing personal data lawfully, fairly, transparently, securely, and only for specified and legitimate purposes, while safeguarding the rights of data subjects across all its operations.
This Notice applies to customers, employees, agents, vendors, guarantors, job applicants, and all individuals whose personal data is processed by the Bank, whether through manual or automated systems.
We may collect and process personal data including:
Identity information such as name, date of birth, gender, photographs, BVN, NIN, and government-issued ID documents
Contact information such as phone number, email address, and residential or business address
Financial and transactional data including loan records, repayment history, credit information, and bank details
Employment, guarantor, and next-of-kin information (where applicable)
Biometric and location data (where required for onboarding or service delivery)
Device and usage data collected through our digital platforms and cookies
Sensitive personal data may include health information, biometric data, religious beliefs, criminal records, BVN, and other categories permitted under applicable law.
2.2 Why We Collect Your Data
We collect and use personal data to:
Verify identity and comply with KYC, AML, and CFT requirements
Process loan applications and assess creditworthiness
Disburse, manage, and recover loans
Open and manage customer accounts
Assign credit scores and manage risk
Communicate with customers and provide support
Prevent fraud and conduct internal audits
Meet legal, regulatory, and reporting obligations
Manage staff records, payroll, and HR processes
Resolve disputes and support legal proceedings
We process personal data based on one or more of the following lawful bases:
Consent – where explicitly given (e.g., biometric onboarding, surveys, testimonials, location tracking)
Contractual Necessity – to provide banking, employment, and loan services
Legal Obligation – to comply with CBN, NDPC, credit bureau, tax, and other regulatory requirements
Vital Interests – to protect life or health in emergency situations
Public Interest / Official Mandate – for government or regulatory financial initiatives
Legitimate Interests – for fraud prevention, security monitoring, analytics, service improvement, and loan recovery
We may share personal data with:
Regulatory and supervisory authorities (CBN, NDPC, NDIC, EFCC, courts)
Credit bureaus and verification platforms (e.g., CRC, First Central)
Vendors and service providers under data protection or NDA agreements
Auditors, consultants, and legal advisers under confidentiality obligations
We do not sell personal data. Data is disclosed only where legally required, contractually necessary, or with the data subject’s consent. Where personal data is transferred outside Nigeria, appropriate safeguards are implemented in line with applicable laws.
Noble uses cookies and similar technologies on its websites and mobile platforms to ensure functionality, enhance security, analyze performance, and improve user experience. Users may accept, reject, or manage cookie preferences through the Cookie Consent Banner. Consent is required for non-essential cookies, and cookie usage is periodically reviewed and audited.
We implement organizational, physical, and technical safeguards to protect personal data, including:
Role-based access controls and confidentiality obligations
Encryption, secure servers, firewalls, and multi-factor authentication
Staff training on data protection and cybersecurity
Regular audits, penetration testing, and incident monitoring
Personal data is retained only as long as necessary, including:
Customer and loan records: minimum of 6 years after account closure or loan resolution
Employee records: 5 years after disengagement (unless required longer by law)
CCTV footage: 30–90 days unless required for investigation
Job applicant data: 1 year unless extended with consent
Data is securely deleted or destroyed when no longer required.
You have the right to:
Access and correct your personal data
Withdraw consent where processing is consent-based
Object to certain processing activities
Request data erasure or portability
Lodge a complaint with the Nigeria Data Protection Commission (NDPC)
All privacy-related enquiries or complaints may be submitted physically or electronically and will be acknowledged within three (3) business days.
This Privacy Notice may be reviewed or updated periodically to reflect changes in law, regulation, or business operations. Updates will be posted on this page with a new “Last Updated” date. Where required, we will seek your renewed consent for any material changes.
